Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
joomla vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-27913
An issue exists in Joomla! 4.2.0 up to and including 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.
Joomla Joomla\\!
5.3
CVSSv3
CVE-2022-27912
An issue exists in Joomla! 4.0.0 up to and including 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests.
Joomla Joomla\\!
5.3
CVSSv3
CVE-2022-27911
An issue exists in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes.
Joomla Joomla\\! 4.2.0
6.1
CVSSv3
CVE-2022-27910
In Joomla component 'Joomlatools - DOCman 3.5.13 (and likely most versions below)' are affected to an reflected Cross-Site Scripting (XSS) in an image upload function
Joomlatools Docman
7.5
CVSSv3
CVE-2022-23802
Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users' information. Information disclosure Access to private info...
Ijoomla Guru 5.2.5
4.3
CVSSv3
CVE-2022-27909
In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can change some parameters in the address bar and see the names of other users' files
Jdownloads Jdownloads 3.9.8.2
5.3
CVSSv3
CVE-2022-23794
An issue exists in Joomla! 3.0.0 up to and including 3.10.6 & 4.0.0 up to and including 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application.
Joomla Joomla\\!
9.8
CVSSv3
CVE-2022-23795
An issue exists in Joomla! 2.5.0 up to and including 3.10.6 & 4.0.0 up to and including 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover.
Joomla Joomla\\!
9.8
CVSSv3
CVE-2022-23797
An issue exists in Joomla! 3.0.0 up to and including 3.10.6 & 4.0.0 up to and including 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection.
Joomla Joomla\\!
9.8
CVSSv3
CVE-2022-23799
An issue exists in Joomla! 4.0.0 up to and including 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
Joomla Joomla\\!
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »