CVE-2010-4617 – Joomla! Component JotLoader 2.2.1 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-4617
Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
• References:
  https://www.exploit-db.com/exploits/15791
  http://packetstormsecurity.org/files/view/96812/joomlajotloader-lfi.txt
  http://www.exploit-db.com/exploits/15791
  https://exchange.xforce.ibmcloud.com/vulnerabilities/64223
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-2564 – Joomla! Component Jotloader 1.2.1.a - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-2564
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
• References:
  https://www.exploit-db.com/exploits/5737
  http://secunia.com/advisories/30541
  http://www.securityfocus.com/bid/29554
  https://exchange.xforce.ibmcloud.com/vulnerabilities/42840
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')