CVE-2010-0372 – Joomla! Component com_articlemanager - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0372
SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php.
• https://www.exploit-db.com/exploits/11140 http://packetstormsecurity.org/1001-exploits/joomlaarticlemanager-sql.txt http://www.exploit-db.com/exploits/11140 http://www.securityfocus.com/bid/37799 https://exchange.xforce.ibmcloud.com/vulnerabilities/55664
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-0373 – Joomla! Component com_libros - SQL Injection
https://notcve.org/view.php?id=CVE-2010-0373
SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
• https://www.exploit-db.com/exploits/11178 http://packetstormsecurity.org/1001-exploits/joomlalibros-sql.txt http://www.exploit-db.com/exploits/11178 https://exchange.xforce.ibmcloud.com/vulnerabilities/55696
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-0374 – Joomla! Component com_marketplace 1.2 - 'catid' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-0374
Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php.
• https://www.exploit-db.com/exploits/33529 http://www.packetstormsecurity.com/1001-exploits/joomlamarketplace-xss.txt http://www.securityfocus.com/bid/37819 https://exchange.xforce.ibmcloud.com/vulnerabilities/55662
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4625 – Joomla! Component BF Survey Pro Free - SQL Injection
https://notcve.org/view.php?id=CVE-2009-4625
SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an updateOnePage action to index.php.
• https://www.exploit-db.com/exploits/9601 http://osvdb.org/57883 http://secunia.com/advisories/36657 http://www.exploit-db.com/exploits/9601 http://www.tamlyncreative.com.au/software/forum/index.php?topic=357.msg1334#msg1334 http://www.vupen.com/english/advisories/2009/2609 https://exchange.xforce.ibmcloud.com/vulnerabilities/53107
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-4620 – Joomla! Component Joomloc 1.0 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2009-4620
SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.
• https://www.exploit-db.com/exploits/9604 http://osvdb.org/57885 http://secunia.com/advisories/36654 http://www.exploit-db.com/exploits/9604 http://www.securityfocus.com/bid/36322 http://www.vupen.com/english/advisories/2009/2612 https://exchange.xforce.ibmcloud.com/vulnerabilities/53110
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')