CVE-2018-5971 – Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-5971
SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter. Existe inyección SQL en el componente MediaLibrary Free 4.0.12 para Joomla! mediante el parámetro id o el parámetro mid array. Joomla! • https://www.exploit-db.com/exploits/44122 https://exploit-db.com/exploits/44122 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2009-2634 – Joomla! Component com_media_library 1.5.3 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-2634
PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Vulnerabilidad de inclusión remota de fichero PHP en toolbar_ext.php en el MediaLibrary (com_media_library) v1.5.3 Basic para Joomla! permite a atacantes remotos ejecutar código PHP arbitrario a través de una URL en el parametro "mosConfig_absolute_path". • https://www.exploit-db.com/exploits/8912 http://www.exploit-db.com/exploits/8912 • CWE-94: Improper Control of Generation of Code ('Code Injection') •