CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2010-0753 – Joomla! Component user_id com_sqlreport - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-0753
SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el componente SQL Reports (com_sqlreport) v1.1 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro user_id sobre ajax/print.php. • https://www.exploit-db.com/exploits/11549 http://osvdb.org/62534 http://secunia.com/advisories/38678 http://www.exploit-db.com/exploits/11549 http://www.packetstormsecurity.com/1002-exploits/joomlasqlreport-sql.txt http://www.securityfocus.com/bid/38361 https://exchange.xforce.ibmcloud.com/vulnerabilities/56476 https://exchange.xforce.ibmcloud.com/vulnerabilities/56541 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2010-0692
https://notcve.org/view.php?id=CVE-2010-0692
SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Component 0.2.3, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el componente IP-Tech JQuarks (com_jquarks) v0.2.3 y posiblemente anteriores para Joomla! permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "id" a index.php. • http://secunia.com/advisories/38623 http://www.iptechinside.com/labs/news/show/6 http://www.osvdb.org/62332 http://www.securityfocus.com/bid/38203 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4CVE-2010-0694 – Joomla! Component com_perchagallery - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0694
SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to index.php. Vulnerabilidad de inyección SQL en el componente PerchaGallery (com_perchagallery) anteriores a v1.5b para Joomla! permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a través del parámetro "id" en una acción "editunidad" a index.php. • https://www.exploit-db.com/exploits/11024 http://docs.joomla.org/Vulnerable_Extensions_List#New_format_Feed_Starts_Here http://packetstormsecurity.org/1001-exploits/joomlaperchagallery-sql.txt http://www.exploit-db.com/exploits/11024 http://www.securityfocus.com/bid/37642 https://exchange.xforce.ibmcloud.com/vulnerabilities/55447 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 42%CPEs: 4EXPL: 3CVE-2010-0696 – Joomla! Component Jw_allVideos - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2010-0696
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. Vulnerabilidad de salto de directorio en includes/download.php en el plugin JoomlaWorks AllVideos (Jw_allVideos) desde v3.0 hasta v3.2 para Joomla! permite a atacantes remotos leer ficheros arbitrarios a través de ./../.../ (punto punto modificado) en el parámetro "file". • https://www.exploit-db.com/exploits/11447 http://osvdb.org/62331 http://secunia.com/advisories/38587 http://www.exploit-db.com/exploits/11447 http://www.joomlaworks.gr/content/view/77/34 http://www.securityfocus.com/bid/38238 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 4CVE-2009-4650 – Joomla! Component Webee Comments 1.1/1.2 - 'index2.php' articleId SQL Injection
https://notcve.org/view.php?id=CVE-2009-4650
SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el componente Webee Comments (com_webeecomment) v1.1.1, v1.2 y v2.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "articleId" en una acción por defecto a index2.php. • https://www.exploit-db.com/exploits/33637 http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html http://secunia.com/advisories/38625 http://www.osvdb.org/62334 http://www.securityfocus.com/bid/38204 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •