CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 4CVE-2010-2255 – Joomla! Component com_bfsurvey_basic - SQL Injection
https://notcve.org/view.php?id=CVE-2010-2255
09 Jun 2010 — SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el componente BF Survey Pro (com_bfsurvey_pro) anterior v1.3.1, componente BF Survey Pro Free (com_bfsurve... • https://www.exploit-db.com/exploits/10944 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 4CVE-2010-2259 – Joomla! Component com_bfsurvey - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2259
09 Jun 2010 — Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en componente BF Survey (com_bfsurvey) de Jommla! permite a atacantes remotos añadir y ejecutar a su elección archivos locales a través de .. • https://www.exploit-db.com/exploits/10946 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 2CVE-2009-4625 – Joomla! Component BF Survey Pro Free - SQL Injection
https://notcve.org/view.php?id=CVE-2009-4625
18 Jan 2010 — SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an updateOnePage action to index.php. Vulnerabilidad de inyección SQL en la función updateOnePage de components/com_bfsurvey_pro/controller.php del componente Joomla! BF Survey Pro Free (com_bfsurvey_profree) v1.2... • https://www.exploit-db.com/exploits/9601 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •