Joomla: >> Joomla! >> 1.7.3 Security Vulnerabilities
Improper handling of identifiers lead to a SQL injection vulnerability in the quoteNameStr method of the database package. Please note: the affected method is a protected method. It has no usages in the original packages in neither the 2.x nor 3.x branch and therefore the vulnerability in question can not be exploited when using the original database class. However, classes extending the affected class might be affected, if the vulnerable method is used.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-04-08
Inadequate parsing of URLs could result into an open redirect.
CVSS Score
4.3
EPSS Score
0.0
Published
2024-02-29
Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-02-29
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-11-29
An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-03-04
An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-12-28
An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.
CVSS Score
9.8
EPSS Score
0.001
Published
2020-03-16
Joomla! core before 2.5.3 allows unauthorized password change.
CVSS Score
7.5
EPSS Score
0.0
Published
2020-01-15
Joomla! before 2.5.3 allows Admin Account Creation.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-01-15
In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.
CVSS Score
5.3
EPSS Score
0.0
Published
2019-08-14
Page 1