Search Results (Refine Search)
- Keyword (text search): Joomla
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-9364 |
An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload parameter. An attacker could exploit this vulnerability with the "Send me a copy" option to receive any files of the filesystem via email. Published: March 04, 2020; 11:15:12 AM -0500 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2011-4908 |
TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php. Published: February 12, 2020; 5:15:12 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2011-4906 |
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution. Published: February 12, 2020; 4:15:13 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2014-8739 |
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014. Published: February 08, 2020; 1:15:11 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2011-1151 |
Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters. Published: February 05, 2020; 5:15:10 PM -0500 |
V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2011-4912 |
Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. Published: February 04, 2020; 9:15:11 AM -0500 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2011-4937 |
Joomla! 1.7.1 has core information disclosure due to inadequate error checking. Published: February 04, 2020; 8:15:11 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2011-3629 |
Joomla! core 1.7.1 allows information disclosure due to weak encryption Published: February 04, 2020; 8:15:10 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-5182 |
The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location). Published: February 03, 2020; 12:15:15 PM -0500 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-8421 |
An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs. Published: January 28, 2020; 4:15:12 PM -0500 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-8420 |
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability. Published: January 28, 2020; 4:15:12 PM -0500 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2020-8419 |
An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities. Published: January 28, 2020; 4:15:11 PM -0500 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2011-3595 |
Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters. Published: January 22, 2020; 11:15:10 AM -0500 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2011-4907 |
Joomla! 1.5x through 1.5.12: Missing JEXEC Check Published: January 15, 2020; 9:15:11 AM -0500 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2012-1563 |
Joomla! before 2.5.3 allows Admin Account Creation. Published: January 15, 2020; 8:15:12 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2012-1562 |
Joomla! core before 2.5.3 allows unauthorized password change. Published: January 15, 2020; 8:15:12 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2013-3932 |
SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php. Published: January 02, 2020; 3:15:13 PM -0500 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2013-3931 |
Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the property_name parameter, related to editing property details. Published: January 02, 2020; 3:15:12 PM -0500 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-17527 |
dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension before 1.2.7 for Joomla! allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter. Published: December 19, 2019; 4:15:13 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-19846 |
In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors. Published: December 17, 2019; 11:15:15 PM -0500 |
V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |