National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,055 matching records.
Displaying matches 161 through 180.
Vuln ID | Summary | CVSS Severity
CVE-2015-7714

Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field action, (4) css, (5) tip, (6) cat_id, (7) text_search, (8) plisting, or (9) pwizard parameter to administrator/index.php.

Published: October 18, 2017; 02:29:00 PM -04:00
V3.0: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2017-14847

Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.

Published: September 27, 2017; 09:29:02 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2017-14846

Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.

Published: September 27, 2017; 09:29:02 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2017-14845

Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.

Published: September 27, 2017; 09:29:02 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2017-14844

Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.

Published: September 27, 2017; 09:29:02 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2017-14843

Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.

Published: September 27, 2017; 09:29:02 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2017-14842

Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.

Published: September 27, 2017; 09:29:02 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2017-14841

Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.

Published: September 27, 2017; 09:29:02 PM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2014-9686

The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_googlemap3_kmlprxy.php. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7428.

Published: September 27, 2017; 09:29:00 PM -04:00
V3.0: 5.9 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-14596

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

Published: September 20, 2017; 02:29:01 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 5.0 MEDIUM
CVE-2017-14595

In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.

Published: September 20, 2017; 02:29:01 PM -04:00
V3.0: 3.7 LOW
    V2: 4.3 MEDIUM
CVE-2015-5608

Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.

Published: September 20, 2017; 02:29:01 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2015-4075

The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.

Published: September 20, 2017; 12:29:00 PM -04:00
V3.0: 8.1 HIGH
    V2: 6.8 MEDIUM
CVE-2015-4074

Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.

Published: September 20, 2017; 12:29:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-4073

Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter.

Published: September 20, 2017; 12:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2015-4072

Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.

Published: September 20, 2017; 12:29:00 PM -04:00
V3.0: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2013-7429

The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php.

Published: September 14, 2017; 12:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2017-2550

Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename.

Published: September 08, 2017; 12:29:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2013-7428

The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to cause a denial of service via the url parameter to plugin_googlemap2_proxy.php.

Published: September 07, 2017; 12:29:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2013-7433

Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla!.

Published: August 29, 2017; 04:29:00 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM