Filtered by vendor Joomla Subscriptions
Total 935 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-4469 1 Joomla 1 Joomla\! 2025-04-03 N/A
Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws."
CVE-2006-4470 1 Joomla 1 Joomla\! 2025-04-03 N/A
Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion.
CVE-2006-4471 1 Joomla 1 Joomla\! 2025-04-03 N/A
The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors.
CVE-2006-4472 1 Joomla 1 Joomla\! 2025-04-03 N/A
Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task.
CVE-2006-4473 1 Joomla 1 Joomla 2025-04-03 N/A
Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks.
CVE-2006-4992 1 Joomla 1 Jd-wordpress 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php.
CVE-2005-3771 1 Joomla 1 Joomla 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) "GET and other variables" and (2) "SEF".
CVE-2006-1028 1 Joomla 1 Joomla 2025-04-03 N/A
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php.
CVE-2005-3772 1 Joomla 1 Joomla 2025-04-03 N/A
Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class.
CVE-2005-3773 1 Joomla 1 Joomla 2025-04-03 N/A
Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact and attack vectors, related to "Potential misuse of Media component file management functions."
CVE-2023-23750 1 Joomla 1 Joomla\! 2025-03-29 6.3 Medium
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
CVE-2024-21724 1 Joomla 1 Joomla\! 2025-03-29 6.1 Medium
Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions.
CVE-2023-23751 1 Joomla 1 Joomla\! 2025-03-29 4.3 Medium
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.
CVE-2024-26279 1 Joomla 1 Joomla\! 2025-03-26 6.1 Medium
The wrapper extensions do not correctly validate inputs, leading to XSS vectors.
CVE-2024-21729 1 Joomla 1 Joomla\! 2025-03-26 6.1 Medium
Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.
CVE-2024-21730 1 Joomla 1 Joomla\! 2025-03-20 5.4 Medium
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector.
CVE-2024-26278 1 Joomla 1 Joomla\! 2025-03-14 4.6 Medium
The Custom Fields component not correctly filter inputs, leading to a XSS vector.
CVE-2024-21731 1 Joomla 1 Joomla\! 2025-03-14 6.1 Medium
Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.
CVE-2023-23752 1 Joomla 1 Joomla\! 2025-02-07 5.3 Medium
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
CVE-2023-23754 1 Joomla 1 Joomla\! 2025-01-10 6.1 Medium
An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.