Shodan
Vulnerabilities
Vulnerable Software
Joomla:  Security Vulnerabilities
CVE-2007-4503
SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter.
CVSS Score
7.5
EPSS Score
0.007
Published
2007-08-23
CVE-2007-4504
Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
CVSS Score
5.0
EPSS Score
0.002
Published
2007-08-23
CVE-2007-4506
SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an offer_view action.
CVSS Score
7.5
EPSS Score
0.007
Published
2007-08-23
CVE-2007-4509
SQL injection vulnerability in index.php in the EventList component (com_eventlist) 0.8 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the did parameter in a details action.
CVSS Score
7.5
EPSS Score
0.0
Published
2007-08-23
CVE-2007-4244
PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter.
CVSS Score
7.5
EPSS Score
0.69
Published
2007-08-08
CVE-2007-4184
SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter.
CVSS Score
7.5
EPSS Score
0.0
Published
2007-08-08
CVE-2007-4185
Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified components, which reveal the path in various error messages.
CVSS Score
5.0
EPSS Score
0.005
Published
2007-08-08
CVE-2007-4186
PHP remote file inclusion vulnerability in admin.tour_toto.php in the Tour de France Pool (com_tour_toto) 1.0.1 module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVSS Score
6.8
EPSS Score
0.011
Published
2007-08-08
CVE-2007-4187
Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2) templates/beez/html/com_search/search/.
CVSS Score
7.5
EPSS Score
0.101
Published
2007-08-08
CVE-2007-4188
Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors.
CVSS Score
9.3
EPSS Score
0.001
Published
2007-08-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved