CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 4CVE-2009-4650 – Joomla! Component Webee Comments 1.1/1.2 - 'index2.php' articleId SQL Injection
https://notcve.org/view.php?id=CVE-2009-4650
SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el componente Webee Comments (com_webeecomment) v1.1.1, v1.2 y v2.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "articleId" en una acción por defecto a index2.php. • https://www.exploit-db.com/exploits/33637 http://jeffchannell.com/Joomla/webee-111-multiple-vulnerabilities.html http://secunia.com/advisories/38625 http://www.osvdb.org/62334 http://www.securityfocus.com/bid/38204 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2CVE-2010-0676
https://notcve.org/view.php?id=CVE-2010-0676
Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter. Vulnerabilidad de salto de directorio en el componente RWCards (com_rwcards) v3.0.18 para Joomla! permite a atacantes remotos leer archivos de su elección a través de .. • http://packetstormsecurity.org/1002-exploits/joomlarwcards-lfi.txt http://secunia.com/advisories/38638 http://www.securityfocus.com/bid/38267 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2010-0670
https://notcve.org/view.php?id=CVE-2010-0670
Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) Component before 0.2.4 for Joomla! allows attackers to obtain the installation path for Joomla! via unknown vectors. Vulnerabilidad no especificada en el componente para Joomla! IP-Tech JQuarks (com_jquarks) anteriores a la v0.2.4, permitiría a los atacantes obtener el path de instalación de Joomla! • http://www.iptechinside.com/labs/news/show/6 https://exchange.xforce.ibmcloud.com/vulnerabilities/56523 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4CVE-2010-0632 – Joomla! Component com_simplefaq - 'catid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-0632
SQL injection vulnerability in the Parkview Consultants SimpleFAQ (com_simplefaq) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action to index.php. Vulnerabilidad de inyección SQL en el componente Parkview Consultants SimpleFAQ (com_simplefaq) para Joomla!, permite a atacantes remotos ejecutar comandos SAQL de su elección a través del parámetro "catid" en una acción display a index.php. • https://www.exploit-db.com/exploits/11294 http://packetstormsecurity.org/1001-exploits/joomlasimplefaq-sql.txt http://www.exploit-db.com/exploits/11294 http://www.securityfocus.com/bid/38015 https://exchange.xforce.ibmcloud.com/vulnerabilities/56028 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2010-0635
https://notcve.org/view.php?id=CVE-2010-0635
SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el método plgSearchEventsearch::onSearch en eventsearch.php en el plugin JEvents Search v1.5 a la v1.5.3 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través de vectores sin especificar. • http://secunia.com/advisories/38404 http://www.jevents.net/forum/viewtopic.php?f=17&t=3910#p15526 http://www.securityfocus.com/bid/38050 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •