) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): Joomla
- Search Type: Search All
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2018-5991 |
SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798. Published: February 17, 2018; 2:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-5990 |
SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter. Published: February 17, 2018; 2:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-5989 |
SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099. Published: February 17, 2018; 2:29:00 AM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-5987 |
SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action. Published: February 17, 2018; 2:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-5983 |
SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request. Published: February 17, 2018; 2:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-5982 |
SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request. Published: February 17, 2018; 2:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-5981 |
SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter. Published: February 17, 2018; 2:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-5980 |
SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action. Published: February 17, 2018; 2:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-5975 |
SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI. Published: February 17, 2018; 2:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-5974 |
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter. Published: February 17, 2018; 2:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-5971 |
SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter. Published: February 17, 2018; 2:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-5970 |
SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter. Published: February 17, 2018; 2:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2015-3619 |
Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a "double encode combination of first_name, last_name and company." Published: February 06, 2018; 11:29:00 AM -0500 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2018-6610 |
Information Leakage exists in the jLike 1.0 component for Joomla! via a task=getUserByCommentId request. Published: February 05, 2018; 5:29:00 PM -0500 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2018-6609 |
SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action. Published: February 05, 2018; 5:29:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-6605 |
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. Published: February 05, 2018; 4:29:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-6604 |
SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request. Published: February 05, 2018; 4:29:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-6582 |
SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. Published: February 05, 2018; 4:29:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-6581 |
SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter. Published: February 02, 2018; 12:29:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-6580 |
Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request. Published: February 02, 2018; 12:29:00 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |