Filtered by vendor Joomla
Subscriptions
Total
935 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-4469 | 1 Joomla | 1 Joomla\! | 2025-04-03 | N/A |
Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws." | ||||
CVE-2006-4470 | 1 Joomla | 1 Joomla\! | 2025-04-03 | N/A |
Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion. | ||||
CVE-2006-4471 | 1 Joomla | 1 Joomla\! | 2025-04-03 | N/A |
The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors. | ||||
CVE-2006-4472 | 1 Joomla | 1 Joomla\! | 2025-04-03 | N/A |
Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task. | ||||
CVE-2006-4473 | 1 Joomla | 1 Joomla | 2025-04-03 | N/A |
Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks. | ||||
CVE-2006-4992 | 1 Joomla | 1 Jd-wordpress | 2025-04-03 | N/A |
Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php. | ||||
CVE-2005-3771 | 1 Joomla | 1 Joomla | 2025-04-03 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) "GET and other variables" and (2) "SEF". | ||||
CVE-2006-1028 | 1 Joomla | 1 Joomla | 2025-04-03 | N/A |
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php. | ||||
CVE-2005-3772 | 1 Joomla | 1 Joomla | 2025-04-03 | N/A |
Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class. | ||||
CVE-2005-3773 | 1 Joomla | 1 Joomla | 2025-04-03 | N/A |
Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact and attack vectors, related to "Potential misuse of Media component file management functions." | ||||
CVE-2023-23750 | 1 Joomla | 1 Joomla\! | 2025-03-29 | 6.3 Medium |
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. | ||||
CVE-2024-21724 | 1 Joomla | 1 Joomla\! | 2025-03-29 | 6.1 Medium |
Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions. | ||||
CVE-2023-23751 | 1 Joomla | 1 Joomla\! | 2025-03-29 | 4.3 Medium |
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. | ||||
CVE-2024-26279 | 1 Joomla | 1 Joomla\! | 2025-03-26 | 6.1 Medium |
The wrapper extensions do not correctly validate inputs, leading to XSS vectors. | ||||
CVE-2024-21729 | 1 Joomla | 1 Joomla\! | 2025-03-26 | 6.1 Medium |
Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field. | ||||
CVE-2024-21730 | 1 Joomla | 1 Joomla\! | 2025-03-20 | 5.4 Medium |
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector. | ||||
CVE-2024-26278 | 1 Joomla | 1 Joomla\! | 2025-03-14 | 4.6 Medium |
The Custom Fields component not correctly filter inputs, leading to a XSS vector. | ||||
CVE-2024-21731 | 1 Joomla | 1 Joomla\! | 2025-03-14 | 6.1 Medium |
Improper handling of input could lead to an XSS vector in the StringHelper::truncate method. | ||||
CVE-2023-23752 | 1 Joomla | 1 Joomla\! | 2025-02-07 | 5.3 Medium |
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | ||||
CVE-2023-23754 | 1 Joomla | 1 Joomla\! | 2025-01-10 | 6.1 Medium |
An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen. |