Joomla! 3.9.5 Security Vulnerabilities

An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2019-11-06

An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.
CVSS Score: 8.8 | EPSS Score: 0.0 | Published: 2019-11-06

In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
CVSS Score: 6.1 | EPSS Score: 0.04 | Published: 2019-09-24

In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2019-08-14

An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.
CVSS Score: 6.5 | EPSS Score: 0.0 | Published: 2019-06-11

An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
CVSS Score: 9.8 | EPSS Score: 0.02 | Published: 2019-06-11

An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2019-06-11

An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2019-05-20

The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.
CVSS Score: 9.8 | EPSS Score: 0.033 | Published: 2019-05-09

SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2015-06-18

