CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-5989 – Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection
https://notcve.org/view.php?id=CVE-2018-5989
SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099. Existe inyección SQL en el componente ccNewsletter 2.x para Joomla! mediante el parámetro id en una acción task=removeSubscriber; este problema está relacionado con CVE-2011-5099. Joomla ccNewsletter component version 2.x.x suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/44132 https://exploit-db.com/exploits/44132 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 3CVE-2011-5099 – Joomla! Component CCNewsLetter 1.0.7 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2011-5099
SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en helper/popup.php en el componente ccNewsletter (mod_ccnewsletter) v1.0.7 a v1.0.9 para Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro id. • https://www.exploit-db.com/exploits/37101 http://packetstormsecurity.org/files/112092/Joomla-CCNewsLetter-1.0.7-SQL-Injection.html http://secunia.com/advisories/48934 http://www.chillcreations.com/blog/5-ccnewsletter-joomla-newsletter/274-ccnewsletter-1010-security-release.html http://www.securityfocus.com/bid/53208 https://exchange.xforce.ibmcloud.com/vulnerabilities/75112 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-4853 – Joomla! Component ccInvoices - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4853
SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php. Vulnerabilidad de inyección SQL en el componente ccInvoices (com_ccinvoices) de Joomla!. Permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id de una acción viewInv de index.php. • https://www.exploit-db.com/exploits/15430 http://packetstormsecurity.org/1011-exploits/joomlaccinvoices-sql.txt http://securityreason.com/securityalert/8413 http://www.exploit-db.com/exploits/15430 https://exchange.xforce.ibmcloud.com/vulnerabilities/63079 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.8EPSS: 7%CPEs: 2EXPL: 5CVE-2010-0467 – Joomla! Component CCNewsLetter - Directory Traversal
https://notcve.org/view.php?id=CVE-2010-0467
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php. Vulnerabilidad de salto de directorio en el componente ccNewsletter (com_ccnewsletter) v1.0.5 para Joomla! permite a atacantes remotos leer ficheros arbitrarios a través de un .. • https://www.exploit-db.com/exploits/11277 https://www.exploit-db.com/exploits/11282 http://secunia.com/advisories/38378 http://www.chillcreations.com/en/blog/ccnewsletter-joomla-newsletter/ccnewsletter-106-security-release.html http://www.exploit-db.com/exploits/11277 http://www.exploit-db.com/exploits/11282 http://www.securityfocus.com/bid/37987 https://exchange.xforce.ibmcloud.com/vulnerabilities/55953 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •