National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,042 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2017-17870

The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action.

Published: December 27, 2017; 12:08:20 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-16634

In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.

Published: November 09, 2017; 09:29:18 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-16633

In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.

Published: November 09, 2017; 09:29:18 PM -05:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-15966

The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.

Published: October 29, 2017; 02:29:00 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-15965

The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.

Published: October 29, 2017; 02:29:00 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-15946

In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET.

Published: October 27, 2017; 08:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2015-7715

Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrator/index.php.

Published: October 18, 2017; 02:29:00 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2015-7714

Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field action, (4) css, (5) tip, (6) cat_id, (7) text_search, (8) plisting, or (9) pwizard parameter to administrator/index.php.

Published: October 18, 2017; 02:29:00 PM -04:00
V3: 7.2 HIGH
V2: 6.5 MEDIUM
CVE-2017-14847

Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.

Published: September 27, 2017; 09:29:02 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2017-14846

Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.

Published: September 27, 2017; 09:29:02 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2017-14845

Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.

Published: September 27, 2017; 09:29:02 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2017-14844

Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.

Published: September 27, 2017; 09:29:02 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2017-14843

Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.

Published: September 27, 2017; 09:29:02 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2017-14842

Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.

Published: September 27, 2017; 09:29:02 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2017-14841

Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.

Published: September 27, 2017; 09:29:02 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2014-9686

The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_googlemap3_kmlprxy.php. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7428.

Published: September 27, 2017; 09:29:00 PM -04:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-14596

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

Published: September 20, 2017; 02:29:01 PM -04:00
V3: 9.8 CRITICAL
V2: 5.0 MEDIUM
CVE-2017-14595

In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.

Published: September 20, 2017; 02:29:01 PM -04:00
V3: 3.7 LOW
V2: 4.3 MEDIUM
CVE-2015-5608

Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.

Published: September 20, 2017; 02:29:01 PM -04:00
V3: 6.1 MEDIUM
V2: 5.8 MEDIUM
CVE-2015-4075

The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.

Published: September 20, 2017; 12:29:00 PM -04:00
V3: 8.1 HIGH
V2: 6.8 MEDIUM