CVE-2010-0610 – Joomla! Component com_photoblog - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-0610
Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the blog parameter in an images action to index.php. NOTE: a separate vector for the id parameter to detail.php may also exist.
• https://www.exploit-db.com/exploits/11337 http://packetstormsecurity.org/1002-exploits/joomlaphotoblog-bsql.txt http://www.exploit-db.com/exploits/11337 http://www.securityfocus.com/bid/38136 https://exchange.xforce.ibmcloud.com/vulnerabilities/56135
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-0467 – Joomla! Component CCNewsLetter - Directory Traversal
https://notcve.org/view.php?id=CVE-2010-0467
Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
• https://www.exploit-db.com/exploits/11277 https://www.exploit-db.com/exploits/11282 http://secunia.com/advisories/38378 http://www.chillcreations.com/en/blog/ccnewsletter-joomla-newsletter/ccnewsletter-106-security-release.html http://www.exploit-db.com/exploits/11277 http://www.exploit-db.com/exploits/11282 http://www.securityfocus.com/bid/37987 https://exchange.xforce.ibmcloud.com/vulnerabilities/55953
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-0456 – Joomla! Component com_gameserver - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0456
SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php.
• https://www.exploit-db.com/exploits/11222 http://www.exploit-db.com/exploits/11222 http://www.securityfocus.com/bid/37920 http://www.securityfocus.com/bid/37934 https://exchange.xforce.ibmcloud.com/vulnerabilities/55829
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-0459 – Joomla! Component com_mochigames - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0459
SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
• https://www.exploit-db.com/exploits/11243 http://packetstormsecurity.org/1001-exploits/joomlamochigames-sql.txt http://www.exploit-db.com/exploits/11243 http://www.securityfocus.com/bid/37931 https://exchange.xforce.ibmcloud.com/vulnerabilities/55841
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-0461 – Joomla! Component com_casino - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0461
SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php.
• https://www.exploit-db.com/exploits/11237 http://packetstormsecurity.org/1001-exploits/joomlacasino1-sql.txt http://www.exploit-db.com/exploits/11237 http://www.securityfocus.com/bid/37938 https://exchange.xforce.ibmcloud.com/vulnerabilities/55846
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')