Vulmon
joomla joomla vulnerabilities and exploits
7.5
CVSSv2
CVE-2018-17374
SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter.
Thephpfactory Auction Factory 4.5.5
7.5
CVSSv2
CVE-2018-17381
SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter.
Thephpfactory Dutch Auction Factory 2.0.2
7.5
CVSSv2
CVE-2018-17386
SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/.
Thephpfactory Micro Deal Factory 2.4.0
7.5
CVSSv2
CVE-2018-17399
SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter.
Jimtawl Project Jimtawl 2.2.7
7.5
CVSSv2
CVE-2018-17398
SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter.
Arenam Amgallery 1.2.3
7.5
CVSSv2
CVE-2019-12765
An issue exists in Joomla! prior to 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
Joomla Joomla!
7.5
CVSSv2
CVE-2017-12758
https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component.
Joomlaextensions Component Appointment 1.1
7.5
CVSSv2
CVE-2019-11831
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x prior to 2.1.1 and 3.x prior to 3.1.1 for TYPO3 does not prevent directory traversal, which allows malicious users to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar...
Typo3 Pharstreamwrapper
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Drupal Drupal
Joomla Joomla!
7.5
CVSSv2
CVE-2019-10945
An issue exists in Joomla! prior to 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing malicious users to act outside the media manager root directory.
Joomla Joomla!
1 EDB exploit
1 Github repository
7.5
CVSSv2
CVE-2019-9184
SQL injection vulnerability in the J2Store plugin 3.x prior to 3.3.7 for Joomla! allows remote malicious users to execute arbitrary SQL commands via the product_option[] parameter.
J2store J2store
1 EDB exploit
1 Github repository