
CVSS: 9.8 • EPSS: 14% • CPEs: 1 • EXPL: 3

The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, which exposes the database credentials via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request.

References:
https://github.com/Luth1er/CVE-2017-18345-COM_JOOMANAGER-ARBITRARY-FILE-DOWNLOAD
https://cxsecurity.com/issue/WLB-2018030054
https://vel.joomla.org/vel-blog/2020-joomanager-2-0-0-other
https://www.exploit-db.com/exploits/44252

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 3

SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

References:
https://www.exploit-db.com/exploits/14127
http://www.exploit-db.com/exploits/14127
http://www.securityfocus.com/bid/41256
https://exchange.xforce.ibmcloud.com/vulnerabilities/59945

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')