Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
joomla! vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-28732
Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects ...
Acymailing Acymailing
9.8
CVSSv3
CVE-2023-28731
AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in v...
Acymailing Acymailing
6.1
CVSSv3
CVE-2023-28733
AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in ...
Acymailing Acymailing
5.3
CVSSv3
CVE-2023-23752
An issue exists in Joomla! 4.0.0 up to and including 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
Joomla Joomla\\!
51 Github repositories
6.3
CVSSv3
CVE-2023-23750
An issue exists in Joomla! 4.0.0 up to and including 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
Joomla Joomla\\!
4.3
CVSSv3
CVE-2023-23751
An issue exists in Joomla! 4.0.0 up to and including 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.
Joomla Joomla\\!
9.8
CVSSv3
CVE-2016-15016
A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2. It has been classified as critical. This affects the function getStatsByType of the file helper.php. The manipulation of the argument year leads to sql injection. Upgrading to version 0.3 is able to address...
Joomla Mod Einsatz Stats Project Joomla Mod Einsatz Stats
9.8
CVSSv3
CVE-2010-10003
A vulnerability classified as critical was found in gesellix titlelink on Joomla. Affected by this vulnerability is an unknown functionality of the file plugin_content_title.php. The manipulation of the argument phrase leads to sql injection. The patch is named b4604e523853965fa9...
Titlelink Project Titlelink
6.1
CVSSv3
CVE-2022-27914
An issue exists in Joomla! 4.0.0 up to and including 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.
Joomla Joomla\\!
5.3
CVSSv3
CVE-2022-27912
An issue exists in Joomla! 4.0.0 up to and including 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests.
Joomla Joomla\\!
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29758
CVE-2023-42931
unauthorized
CVE-2024-1540
unprivileged
CVE-2023-24955
CVE-2024-20259
logic flaw
CVE-2024-20333
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »