CVE-2018-7314
|
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.
Published:
February 22, 2018; 02:29:07 PM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2018-7312
|
SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter.
Published:
February 22, 2018; 02:29:06 PM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2018-7313
|
SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.
Published:
February 22, 2018; 09:29:00 AM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2017-16356
|
Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption parameter.
Published:
February 20, 2018; 10:29:00 AM -05:00
|
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
|
CVE-2018-6024
|
SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.
Published:
February 18, 2018; 03:29:00 PM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2018-7180
|
SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.
Published:
February 17, 2018; 02:29:01 AM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2018-7179
|
SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.
Published:
February 17, 2018; 02:29:01 AM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2018-7178
|
SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.
Published:
February 17, 2018; 02:29:01 AM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2018-7177
|
SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.
Published:
February 17, 2018; 02:29:01 AM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2018-6585
|
SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter.
Published:
February 17, 2018; 02:29:01 AM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2018-6584
|
SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request.
Published:
February 17, 2018; 02:29:01 AM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2018-6583
|
SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.
Published:
February 17, 2018; 02:29:01 AM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2018-6396
|
SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.
Published:
February 17, 2018; 02:29:01 AM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2018-6394
|
SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.
Published:
February 17, 2018; 02:29:01 AM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2018-6373
|
SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action.
Published:
February 17, 2018; 02:29:01 AM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2018-6372
|
SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter.
Published:
February 17, 2018; 02:29:01 AM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2018-6370
|
SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI.
Published:
February 17, 2018; 02:29:01 AM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2018-6368
|
SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.
Published:
February 17, 2018; 02:29:01 AM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2018-6006
|
SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter.
Published:
February 17, 2018; 02:29:01 AM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|
CVE-2018-6005
|
SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.
Published:
February 17, 2018; 02:29:01 AM -05:00
|
V3: 9.8 CRITICAL
V2: 7.5 HIGH
|