CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 4CVE-2010-5044 – Joomla! Component Search Log 3.1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-5044
SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en los models/log.php en el componente Search Log (com_searchlog) v3.1.0 para Joomla! permite a usuarios autenticados remotamente, con privilegios Public Back-end, ejecutar comandos SQL a través del parámetro search en una acción de registro en administrator/index.php. • https://www.exploit-db.com/exploits/13746 https://www.exploit-db.com/exploits/13745 http://osvdb.org/65185 http://secunia.com/advisories/40055 http://www.exploit-db.com/exploits/13746 http://www.securityfocus.com/bid/40588 http://www.vupen.com/english/advisories/2010/1363 https://exchange.xforce.ibmcloud.com/vulnerabilities/59152 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 3CVE-2010-4617 – Joomla! Component JotLoader 2.2.1 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-4617
Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. Vulnerabilidad de salto de directorio en el componente JotLoader (com_jotloader) anterior a v2.2.1 para Joomla!, permite a atacantes remotos leer archivos de su elección a través de secuencias de salto en el parámetro "section" a index.php. • https://www.exploit-db.com/exploits/15791 http://packetstormsecurity.org/files/view/96812/joomlajotloader-lfi.txt http://www.exploit-db.com/exploits/15791 https://exchange.xforce.ibmcloud.com/vulnerabilities/64223 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •