CVSS: 6.8EPSS: 0%CPEs: 14EXPL: 0CVE-2009-1280
https://notcve.org/view.php?id=CVE-2009-1280
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. Múltiples vulnerabilidades de falsificación de petición de sitios cruzados en el componente com_media para Joomla! v1.5.x hasta v1.5.9 permite a atacantes remotos secuestrar la autentificación de de víctimas no especificadas mediante vectores desconocidos. • http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html http://secunia.com/advisories/34551 https://exchange.xforce.ibmcloud.com/vulnerabilities/49656 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-1258
https://notcve.org/view.php?id=CVE-2009-1258
SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de inyección SQL en el componente RD-Autos (com_rdautos) v1.5.7 para Joomla! permite a atacantes remotos ejecutar comandos SQL de forma arbitraria a través del parámetro "makeid" en index.php. • http://osvdb.org/53138 http://secunia.com/advisories/34578 http://www.securityfocus.com/bid/34364 https://exchange.xforce.ibmcloud.com/vulnerabilities/49671 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •