National Vulnerability Database

Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Joomla
  • Search Type: Search All
There are 1,053 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2018-7482

** DISPUTED ** The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads.

Published: February 28, 2018; 02:29:00 AM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-7319

SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter.

Published: February 22, 2018; 02:29:09 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-7318

SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.

Published: February 22, 2018; 02:29:09 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-7317

Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/.

Published: February 22, 2018; 02:29:08 PM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-7316

Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action.

Published: February 22, 2018; 02:29:08 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-7315

SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter.

Published: February 22, 2018; 02:29:07 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-7314

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.

Published: February 22, 2018; 02:29:07 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-7312

SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter.

Published: February 22, 2018; 02:29:06 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-7313

SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.

Published: February 22, 2018; 09:29:00 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-16356

Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption parameter.

Published: February 20, 2018; 10:29:00 AM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-6024

SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.

Published: February 18, 2018; 03:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-7180

SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.

Published: February 17, 2018; 02:29:01 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-7179

SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.

Published: February 17, 2018; 02:29:01 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-7178

SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.

Published: February 17, 2018; 02:29:01 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-7177

SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.

Published: February 17, 2018; 02:29:01 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-6585

SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter.

Published: February 17, 2018; 02:29:01 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-6584

SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request.

Published: February 17, 2018; 02:29:01 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-6583

SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.

Published: February 17, 2018; 02:29:01 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-6396

SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.

Published: February 17, 2018; 02:29:01 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-6394

SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.

Published: February 17, 2018; 02:29:01 AM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH