CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40626 – [20231101] - Core - Exposure of environment variables
https://notcve.org/view.php?id=CVE-2023-40626
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information. El proceso de análisis de archivos de idioma podría manipularse para exponer variables de entorno. Las variables de entorno pueden contener información sensible. • https://developer.joomla.org/security-centre/919-20231101-core-exposure-of-environment-variables.html •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26029 – [20210309] - Core - Inadequate filtering of form contents could allow to overwrite the author field
https://notcve.org/view.php?id=CVE-2021-26029
An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field. Se detectó un problema en Joomla! versiones 1.6.0 hasta 3.9.24. • https://developer.joomla.org/security-centre/849-20210309-core-inadequate-filtering-of-form-contents-could-allow-to-overwrite-the-author-field.html •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15028
https://notcve.org/view.php?id=CVE-2019-15028
In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms. En Joomla! versiones anteriores a 3.9.11, las comprobaciones inadecuadas en la función com_contact podrían permitir el envío de correo en formularios deshabilitados. • https://developer.joomla.org/security-centre/789-20190801-core-hardening-com-contact-contact-form •
CVSS: 9.8EPSS: 55%CPEs: 1EXPL: 3CVE-2019-10945 – Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2019-10945
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory. Un problema fue descubierto en Joomla! versiones anteriores a 3.9.5. • https://www.exploit-db.com/exploits/46710 https://github.com/dpgg101/CVE-2019-10945 http://packetstormsecurity.com/files/152515/Joomla-3.9.4-Arbitrary-File-Deletion-Directory-Traversal.html https://developer.joomla.org/security-centre/777-20190401-core-directory-traversal-in-com-media • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7742
https://notcve.org/view.php?id=CVE-2019-7742
An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector. Se ha descubierto un problema en versiones anteriores a la 3.9.3 de Joomla!. Una combinación de configuraciones específicas del servidor web, junto con tipos de archivo concretos y el rastreo de tipo MIME del lado del servidor, provoca un vector de ataque XSS. • https://developer.joomla.org/security-centre/766-20190202-core-browserside-mime-type-sniffing-causes-xss-attack-vectors • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •