Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
joomla vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-23753
The 'Visforms Base Package for Joomla 3' extension is vulnerable to SQL Injection as concatenation is used to construct an SQL Query. An attacker can interact with the database and could be able to read, modify and delete data on it.
Vi-solutions Visforms
6.1
CVSSv3
CVE-2023-28733
AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in ...
Acymailing Acymailing
9.8
CVSSv3
CVE-2023-28731
AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in v...
Acymailing Acymailing
7.5
CVSSv3
CVE-2023-28732
Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign's creation on front-office. This issue affects ...
Acymailing Acymailing
5.3
CVSSv3
CVE-2023-23752
An issue exists in Joomla! 4.0.0 up to and including 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
Joomla Joomla\\!
54 Github repositories
4.3
CVSSv3
CVE-2023-23751
An issue exists in Joomla! 4.0.0 up to and including 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.
Joomla Joomla\\!
6.3
CVSSv3
CVE-2023-23750
An issue exists in Joomla! 4.0.0 up to and including 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
Joomla Joomla\\!
9.8
CVSSv3
CVE-2016-15016
A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2. It has been classified as critical. This affects the function getStatsByType of the file helper.php. The manipulation of the argument year leads to sql injection. Upgrading to version 0.3 is able to address...
Joomla Mod Einsatz Stats Project Joomla Mod Einsatz Stats
9.8
CVSSv3
CVE-2010-10003
A vulnerability classified as critical was found in gesellix titlelink on Joomla. Affected by this vulnerability is an unknown functionality of the file plugin_content_title.php. The manipulation of the argument phrase leads to sql injection. The patch is named b4604e523853965fa9...
Titlelink Project Titlelink
6.1
CVSSv3
CVE-2022-27914
An issue exists in Joomla! 4.0.0 up to and including 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.
Joomla Joomla\\!
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »