National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,027 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2018-6004

SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.

Published: February 17, 2018; 02:29:01 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-5994

SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.

Published: February 17, 2018; 02:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-5993

SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request.

Published: February 17, 2018; 02:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-5992

SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request.

Published: February 17, 2018; 02:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-5991

SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.

Published: February 17, 2018; 02:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-5990

SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.

Published: February 17, 2018; 02:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-5989

SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099.

Published: February 17, 2018; 02:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-5987

SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action.

Published: February 17, 2018; 02:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-5983

SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request.

Published: February 17, 2018; 02:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-5982

SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request.

Published: February 17, 2018; 02:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-5981

SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter.

Published: February 17, 2018; 02:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-5980

SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.

Published: February 17, 2018; 02:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-5975

SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI.

Published: February 17, 2018; 02:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-5974

SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.

Published: February 17, 2018; 02:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-5971

SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter.

Published: February 17, 2018; 02:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-5970

SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.

Published: February 17, 2018; 02:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2015-3619

Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a "double encode combination of first_name, last_name and company."

Published: February 06, 2018; 11:29:00 AM -05:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-6610

Information Leakage exists in the jLike 1.0 component for Joomla! via a task=getUserByCommentId request.

Published: February 05, 2018; 05:29:00 PM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-6609

SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action.

Published: February 05, 2018; 05:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-6605

SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.

Published: February 05, 2018; 04:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH