Export limit exceeded: 363286 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363286 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363286 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363286 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363286 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363287 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (864 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0702 2 Joomla, Phoca 2 Joomla, Com Phocadocumentation 2026-04-23 N/A
SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php.
CVE-2007-5310 2 Joomla, Webmaster-tips.net 2 Joomla, Flash Image Gallery 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2007-5362 3 Ag-solutions, Joomla, Mambo 3 Mosmedia Lite, Joomla, Mambo 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2.
CVE-2007-5363 2 Joomla, Webmaster-tips 2 Joomla, Panoramic Picture Viewer 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5410 2 Joomla, Webmaster-tips 2 Joomla, Flash Rss Reader 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-5427 1 Joomla 2 Com Search Component, Joomla 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1.
CVE-2008-6881 2 Joomla, Joompolitan 2 Joomla\!, Com Livechat 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php.
CVE-2009-3834 2 Joomla, Webguerilla 2 Joomla, Com Photoblog 2026-04-23 N/A
SQL injection vulnerability in the Photoblog (com_photoblog) component alpha 3 and alpha 3a for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in a blogs action to index.php.
CVE-2009-1280 1 Joomla 1 Joomla 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2009-2567 2 Almondsoft, Joomla 2 Almond Classifieds, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 5.6.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2008-5671 1 Joomla 1 Joomla 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2008-7033 2 Galore, Joomla 2 Com Simpleshop, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
CVE-2009-4157 2 Joomla, Joomlatune 2 Joomla\!, Com Proofreader 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages.
CVE-2009-0379 1 Joomla 2 Com Pcchess, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761.
CVE-2010-0158 2 Joomla, Joomlabamboo 2 Joomla, Jb Simpla 2026-04-23 N/A
SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through index.php. NOTE: the vendor disputes this report, saying: "JoomlaBamboo has investigated this report, and it is incorrect. There is no SQL injection vulnerability involving the id parameter in an article view, and there never was. JoomlaBamboo customers have no reason to be concerned about this report.
CVE-2009-2635 2 Joomla, Ordasoft 2 Joomla, Com Realestatemanager 2026-04-23 N/A
PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2008-3228 1 Joomla 1 Joomla 2026-04-23 N/A
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.
CVE-2009-0706 3 Joomla, Mambo, Simple-review 3 Joomla, Mambo, Com Simple Review 2026-04-23 N/A
SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.
CVE-2008-5607 2 Joomitaly, Joomla 2 Jmovies, Joomla 2026-04-23 N/A
SQL injection vulnerability in the JMovies (aka JM or com_jmovies) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2008-0801 3 Joomla, Mambo-foundation, Paxxgallery 3 Joomla\!, Mambo, Com Paxxgallery 2026-04-23 N/A
SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter.