CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 3CVE-2010-5043 – Joomla! Component DJ-ArtGallery 0.9.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-5043
SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php. Una vulnerabilidad de inyección SQL en el componente DJ-artgallery (com_djartgallery) v0.9.1 para Joomla! permite a usuarios remotos autenticados ejecutar comandos SQL de su elección a través del parámetro cid[] en una acción EditItem a administrator/index.php. • https://www.exploit-db.com/exploits/13737 http://osvdb.org/65187 http://secunia.com/advisories/40073 http://www.exploit-db.com/exploits/13737 http://www.securityfocus.com/bid/40580 https://exchange.xforce.ibmcloud.com/vulnerabilities/59142 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 3CVE-2010-5042 – Joomla! Component DJ-ArtGallery 0.9.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-5042
Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente DJ-ArtGallery (com_djartgallery) de 0.9.1 for Joomla!. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del parámetro cid[] en una acción editItem de administrator/index.php. • https://www.exploit-db.com/exploits/13737 http://osvdb.org/65188 http://secunia.com/advisories/40073 http://www.exploit-db.com/exploits/13737 http://www.securityfocus.com/bid/40580 http://www.vupen.com/english/advisories/2010/1374 https://exchange.xforce.ibmcloud.com/vulnerabilities/59143 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 3CVE-2009-3661 – Joomla! Component com_djcatalog - SQL Injection / Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-3661
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php. Múltiples vulnerabilidades de inyección SQL en el componente de Joomla! "DJ-catalog" (com_djcatalog) permiten a atacantes remotos ejecutar comandos SQL a través de (1) el parámetro "id" en una acción de showItem y (2) el parámetro cid en una acción show a index.php. • https://www.exploit-db.com/exploits/9693 http://secunia.com/advisories/36696 http://www.design-joomla.eu/joomla-news/dj-catalog-sql-bsql-injection-multiple-vulnerability-fix.html http://www.exploit-db.com/exploits/9693 http://www.securityfocus.com/bid/36412 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •