CVSS: 5.0 • EPSS: 1% • CPEs: 2 • EXPL: 4

Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. • https://www.exploit-db.com/exploits/14263 http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt http://www.exploit-db.com/exploits/14263 http://www.securityfocus.com/archive/1/512215/100/0/threaded http://www.securityfocus.com/bid/41457 https://exchange.xforce.ibmcloud.com/vulnerabilities/60161 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 4

Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php. • https://www.exploit-db.com/exploits/14263 http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt http://www.exploit-db.com/exploits/14263 http://www.securityfocus.com/archive/1/512215/100/0/threaded http://www.securityfocus.com/bid/41457 https://exchange.xforce.ibmcloud.com/vulnerabilities/60160 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.3 • EPSS: 1% • CPEs: 2 • EXPL: 4

Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php. • https://www.exploit-db.com/exploits/14263 http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt http://www.exploit-db.com/exploits/14263 http://www.securityfocus.com/archive/1/512215/100/0/threaded http://www.securityfocus.com/bid/41457 https://exchange.xforce.ibmcloud.com/vulnerabilities/60162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 1% • CPEs: 2 • EXPL: 2

Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) imgcaptcha.php or (2) mp3captcha.php in assets/captcha/includes/captchaform/, or (3) assets/captcha/includes/captchatalk/swfmovie.php. • https://www.exploit-db.com/exploits/8697 http://www.securityfocus.com/bid/34986 • CWE-94: Improper Control of Generation of Code ('Code Injection')