Filtered by vendor Fabrikar
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-37219 | 1 Fabrikar | 1 Fabrik | 2026-05-13 | 7.5 High |
| Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET requests to the onAjax_files method with path traversal sequences to enumerate files in system directories outside the intended web root. | ||||
| CVE-2010-1981 | 1 Fabrikar | 1 Fabrik | 2025-04-11 | N/A |
| Directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | ||||
| CVE-2011-5004 | 2 Fabrikar, Joomla | 2 Com Fabrikar, Joomla\! | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | ||||
| CVE-2018-10727 | 1 Fabrikar | 1 Fabrik | 2024-11-21 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header. | ||||
Page 1 of 1.