joomla joomla vulnerabilities and exploits
7.5
CVSSv2
CVE-2020-35613
An issue exists in Joomla! 3.0.0 up to and including 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.
Joomla Joomla!
7.5
CVSSv2
CVE-2020-22274
JomSocial (Joomla Social Network Extension) 4.7.6 allows CSV injection via a customer's profile.
Jomsocial Jomsocial 4.7.6
7.5
CVSSv2
CVE-2020-10243
An issue exists in Joomla! prior to 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.
Joomla Joomla!
7.5
CVSSv2
CVE-2011-4906
Tiny browser in TinyMCE 3.0 editor in Joomla! prior to 1.5.13 allows file upload and arbitrary PHP code execution.
Tiny Tinybrowser
1 EDB exploit
7.5
CVSSv2
CVE-2014-8739
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) prior to 1.0.0 for WordPress and prior to 2.0.1 for Joomla!, allows remot...
Creative-solutions Creative Contact Form
Jquery File Upload Project Jquery File Upload 6.4.4
2 EDB exploits
1 Github repository
7.5
CVSSv2
CVE-2019-17527
dataForDepandantField in models/custormfields.php in the JS JOBS FREE extension prior to 1.2.7 for Joomla! allows SQL Injection via the index.php?option=com_jsjobs&task=customfields.getfieldtitlebyfieldandfieldfo child parameter.
Joomsky Js Jobs
7.5
CVSSv2
CVE-2019-19846
In Joomla! prior to 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
Joomla Joomla!
1 Github repository
7.5
CVSSv2
CVE-2019-19634
class.upload.php in verot.net class.upload up to and including 1.0.3 and 2.x up to and including 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a similar issue to CVE-2019-19576.
Verot Project Verot
Getk2 K2
1 Github repository
7.5
CVSSv2
CVE-2019-19576
class.upload.php in verot.net class.upload prior to 1.0.3 and 2.x prior to 2.0.4, as used in the K2 extension for Joomla! and other products, omits .phar from the set of dangerous file extensions.
Verot Project Verot
Getk2 K2
1 EDB exploit
1 Github repository
7.5
CVSSv2
CVE-2019-17399
The Shack Forms Pro extension prior to 4.0.32 for Joomla! allows path traversal via a file attachment.
Joomlashack Shack Forms Pro