CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 3CVE-2018-5989 – Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection
https://notcve.org/view.php?id=CVE-2018-5989
17 Feb 2018 — SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099. Existe inyección SQL en el componente ccNewsletter 2.x para Joomla! mediante el parámetro id en una acción task=removeSubscriber; este problema está relacionado con CVE-2011-5099. Joomla ccNewsletter component version 2.x.x suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/146462 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 3CVE-2011-5099 – Joomla! Component CCNewsLetter 1.0.7 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2011-5099
14 Aug 2012 — SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en helper/popup.php en el componente ccNewsletter (mod_ccnewsletter) v1.0.7 a v1.0.9 para Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro id. • https://www.exploit-db.com/exploits/37101 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2010-4853 – Joomla! Component ccInvoices - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4853
05 Oct 2011 — SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php. Vulnerabilidad de inyección SQL en el componente ccInvoices (com_ccinvoices) de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id de una acción viewInv de index.php. • https://www.exploit-db.com/exploits/15430 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.8EPSS: 17%CPEs: 2EXPL: 5CVE-2010-0467 – Joomla! Component CCNewsLetter - Directory Traversal
https://notcve.org/view.php?id=CVE-2010-0467
02 Feb 2010 — Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php. Vulnerabilidad de salto de directorio en el componente ccNewsletter (com_ccnewsletter) v1.0.5 para Joomla! permite a atacantes remotos leer ficheros arbitrarios a través de un .. • https://www.exploit-db.com/exploits/11277 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •