joomla! vulnerabilities and exploits

NA
CVE-2019-19576

class.upload.php in verot.net class.upload before 1.0.3 and 2.x before 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions....

5
CVSSv2
CVE-2013-6879

The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain sensitive information via a request to component/mijosearch/search, which reveals the installation path in an error message....

4.3
CVSSv2
CVE-2013-6878

Cross-site scripting (XSS) vulnerability in the Mijosoft MijoSearch component 2.0.4 and earlier for Joomla! allows remote attackers to inject arbitrary web script or HTML via the query parameter to component/mijosearch/search....

6.5
CVSSv2
CVE-2014-1214

views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter....

ProjoomSmart Flash Header
6.8
CVSSv2
CVE-2019-18650

An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability....

5
CVSSv2
CVE-2019-18674

An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure....

JoomlaJoomla!
4.3
CVSSv2
CVE-2018-10727

Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header....

7.5
CVSSv2
CVE-2019-17399

The Shack Forms Pro extension before 4.0.32 for Joomla! allows path traversal via a file attachment....

4.3
CVSSv2
CVE-2019-16725

In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates....

5
CVSSv2
CVE-2019-15028

In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms....