5 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users' information. Information disclosure Access to private information and components, possibility to view other users' information. Joomla Guru extension versión 5.2.5, está afectada por: Permisos no Seguros. • https://guru.ijoomla.com/changelog • CWE-276: Incorrect Default Permissions •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php. El plugin iJoomla com_adagency 6.0.9 para Joomla! permite inyección SQL mediante los parámetros "advertiser_status" y "status_select" en index.php. • https://www.vulnerability-lab.com/get_content.php?id=1927 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3

PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php. Vulnerabilidad de inclusión remota de archivo PHP en el componente iJoomla Magazine (com_magazine) v3.0.1 para Joomla!, permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro config de magazine.functions.php. • https://www.exploit-db.com/exploits/14896 http://packetstormsecurity.org/1009-exploits/ijoomlamagazine-rfi.txt http://securityreason.com/securityalert/8451 http://www.exploit-db.com/exploits/14896 https://exchange.xforce.ibmcloud.com/vulnerabilities/61598 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.0EPSS: 1%CPEs: 6EXPL: 4

Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Una Vulnerabilidad del salto del directorio en el componente iJoomla News Portal (com_news_portal) versión 1.5.x para Joomla! permite a los atacantes remotos leer archivos arbitrarios por medio de un .. • https://www.exploit-db.com/exploits/12077 http://osvdb.org/63572 http://packetstormsecurity.org/1004-exploits/joomlanewportal-lfi.txt http://secunia.com/advisories/39289 http://www.exploit-db.com/exploits/12077 http://www.securityfocus.com/bid/39222 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2

SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php. Vulnerabilidad de inyección SQL en el componente iJoomla RSS Feeder (com_ijoomla_rss) para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "cat" en una acción "xml" al index.php. • https://www.exploit-db.com/exploits/8959 http://osvdb.org/55113 http://secunia.com/advisories/35454 http://www.securityfocus.com/bid/35379 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •