U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,183 matching records.
Displaying matches 241 through 260.
Vuln ID Summary CVSS Severity
CVE-2018-7313

SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.

Published: February 22, 2018; 9:29:00 AM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-6024

SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.

Published: February 18, 2018; 3:29:00 PM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-7180

SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.

Published: February 17, 2018; 2:29:01 AM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-7179

SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.

Published: February 17, 2018; 2:29:01 AM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-7178

SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.

Published: February 17, 2018; 2:29:01 AM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-7177

SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.

Published: February 17, 2018; 2:29:01 AM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-6585

SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter.

Published: February 17, 2018; 2:29:01 AM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-6584

SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request.

Published: February 17, 2018; 2:29:01 AM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-6583

SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.

Published: February 17, 2018; 2:29:01 AM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-6396

SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.

Published: February 17, 2018; 2:29:01 AM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-6394

SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.

Published: February 17, 2018; 2:29:01 AM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-6373

SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action.

Published: February 17, 2018; 2:29:01 AM -0500 		V3.1: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-6372

SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter.

Published: February 17, 2018; 2:29:01 AM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-6370

SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI.

Published: February 17, 2018; 2:29:01 AM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-6368

SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.

Published: February 17, 2018; 2:29:01 AM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-6006

SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter.

Published: February 17, 2018; 2:29:01 AM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-6005

SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.

Published: February 17, 2018; 2:29:01 AM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-6004

SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.

Published: February 17, 2018; 2:29:01 AM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-5994

SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.

Published: February 17, 2018; 2:29:00 AM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH
CVE-2018-5993

SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request.

Published: February 17, 2018; 2:29:00 AM -0500 		V3.0: 9.8 CRITICAL
 V2.0: 7.5 HIGH