Shodan
Vulnerabilities
Vulnerable Software
Joomla:  Security Vulnerabilities
CVE-2008-5051
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.
CVSS Score
7.5
EPSS Score
0.006
Published
2008-11-13
CVE-2008-4777
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
CVSS Score
7.5
EPSS Score
0.0
Published
2008-10-29
CVE-2008-4764
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
CVSS Score
5.0
EPSS Score
0.005
Published
2008-10-28
CVE-2008-4668
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
CVSS Score
9.0
EPSS Score
0.001
Published
2008-10-22
CVE-2008-4623
SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.
CVSS Score
7.5
EPSS Score
0.009
Published
2008-10-21
CVE-2008-4617
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
7.5
EPSS Score
0.004
Published
2008-10-20
CVE-2008-4102
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.
CVSS Score
7.5
EPSS Score
0.001
Published
2008-09-18
CVE-2008-4103
The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam.
CVSS Score
5.0
EPSS Score
0.001
Published
2008-09-18
CVE-2008-4104
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
CVSS Score
5.8
EPSS Score
0.0
Published
2008-09-18
CVE-2008-4105
JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.
CVSS Score
7.5
EPSS Score
0.002
Published
2008-09-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved