Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  >> 3.1.6  Security Vulnerabilities
CVE-2025-25226
Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However, classes extending the affected class might be affected, if the vulnerable method is used.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-04-08
CVE-2024-26279
The wrapper extensions do not correctly validate inputs, leading to XSS vectors.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-07-09
CVE-2024-21731
Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-07-09
CVE-2024-21723
Inadequate parsing of URLs could result into an open redirect.
CVSS Score
4.3
EPSS Score
0.0
Published
2024-02-29
CVE-2024-21724
Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-02-29
CVE-2023-40626
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-11-29
CVE-2022-23793
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting an specifilcy crafted tar package could write files outside of the intended path.
CVSS Score
7.5
EPSS Score
0.0
Published
2022-03-30
CVE-2022-23794
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application.
CVSS Score
5.3
EPSS Score
0.0
Published
2022-03-30
CVE-2022-23795
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.
CVSS Score
9.8
EPSS Score
0.0
Published
2022-03-30
CVE-2022-23797
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-03-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved