joomla

Vendor: joomla

Actively Exploited (CISA KEV List): 0
PoC / Exploits (Code Available): 148
Total RCEs (Remote Access): 30
Total CVEs (Total Indexed): 1787
Avg. EPSS (Exploit Prob.): 2.26%
Latest CVE: CVE-2010-3028 (Aug 16)

Security Vulnerability Index

3.6 CVSS

The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files.

EPSS: 0.05%

7.5 CVSS
CVE-2009-4789
RCE Exploit Found

Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php.

EPSS: 0.94%

7.5 CVSS
CVE-2010-1470
Exploit Found

Directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.

EPSS: 4.77%

6.8 CVSS
CVE-2010-1219
Exploit Found

Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information.

EPSS: 4.13%

4.3 CVSS
CVE-2010-1217
Exploit Found

Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE: the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.

EPSS: 2.04%

5.0 CVSS
CVE-2010-0696
Exploit Found

Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.

EPSS: 16.03%

7.5 CVSS
CVE-2010-0694
Exploit Found

SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to index.php.

EPSS: 0.17%

6.5 CVSS
CVE-2010-0461
Exploit Found

SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php.

EPSS: 0.00%

7.5 CVSS
CVE-2009-4604
RCE Exploit Found

PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

EPSS: 1.39%

7.5 CVSS
CVE-2009-4599
Exploit Found

Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.

EPSS: 0.15%