CVSS: 7.5EPSS: 12%CPEs: 11EXPL: 2CVE-2011-4804 – Joomla! Component com_kp - 'Controller' Local File Inclusion
https://notcve.org/view.php?id=CVE-2011-4804
14 Dec 2011 — Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilida de salto de directorio en el componente obSuggest (com_obsuggest) antes de v1.8 para Joomla! permite a atacantes remotos leer archivos de su elección a través del parámetro .. • https://www.exploit-db.com/exploits/36598 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 4CVE-2010-2920 – Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2920
30 Jul 2010 — Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Foobla Suggestions (com_foobla_suggestions) v1.5.1.2 de Joomla! permite a atacantes remotos leer archivos de su elección a través de secuencias de salto de directorio en el parámetro "controller" de index.php. • https://www.exploit-db.com/exploits/12120 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2009-3669 – Joomla! Component com_foobla_suggestions (idea_id) 1.5.11 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3669
11 Oct 2009 — SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php. Vulnerabilidad de inyección SQL en el componente para Joomla! foobla Suggestions (com_foobla_suggestions) v1.5.11 permite a atacantes remotos ejecutar comandos SQL a través del parámetro idea_id a index.php. • https://www.exploit-db.com/exploits/9697 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •