3 results (0.011 seconds)

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 4

Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. Vulnerabilidad de salto de directorio en assets/captcha/includes/alikon/playcode.php en el componente InterJoomla ArtForms (com_artforms) 2.1b7.2 RC2 para Joomla! permite a atacantes remotos leer ficheros de su elección mediante un .. • https://www.exploit-db.com/exploits/14263 http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt http://www.exploit-db.com/exploits/14263 http://www.securityfocus.com/archive/1/512215/100/0/threaded http://www.securityfocus.com/bid/41457 https://exchange.xforce.ibmcloud.com/vulnerabilities/60161 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4

Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php. Múltiples vulnerabilidades de inyección SQL en el componente InterJoomla ArtForms (com_artforms) 2.1b7.2 RC2 para Joomla! permiten a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "viewform" en una acción (1) ferforms o (2) tferforms a index.php y el (3) parámetro "id" en una acción vferforms a index.php. • https://www.exploit-db.com/exploits/14263 http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt http://www.exploit-db.com/exploits/14263 http://www.securityfocus.com/archive/1/512215/100/0/threaded http://www.securityfocus.com/bid/41457 https://exchange.xforce.ibmcloud.com/vulnerabilities/60160 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 4

Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente InterJoomla ArtForms (com_artforms) 2.1b7.2 RC2 para Joomla! permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "afmsg" a index.php. • https://www.exploit-db.com/exploits/14263 http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt http://www.exploit-db.com/exploits/14263 http://www.securityfocus.com/archive/1/512215/100/0/threaded http://www.securityfocus.com/bid/41457 https://exchange.xforce.ibmcloud.com/vulnerabilities/60162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •