
CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 3

SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.

• https://www.exploit-db.com/exploits/9602
• http://evilc0de.blogspot.com/2009/09/tpdugg-joomla-component-11-blind-sql.html
• http://osvdb.org/57894
• http://secunia.com/advisories/36656
• http://www.exploit-db.com/exploits/9602
• http://www.securityfocus.com/bid/36321
• http://www.templateplazza.com/extensions-updates/tpdugg-component-update-v-1.1.1.html
• http://www.vupen.com/english/advisories/2009/2610
• https://exchange.xforce.ibmcloud.com/vulnerabilities/53108

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 2

SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an updateOnePage action to index.php.

• https://www.exploit-db.com/exploits/9601
• http://osvdb.org/57883
• http://secunia.com/advisories/36657
• http://www.exploit-db.com/exploits/9601
• http://www.tamlyncreative.com.au/software/forum/index.php?topic=357.msg1334#msg1334
• http://www.vupen.com/english/advisories/2009/2609
• https://exchange.xforce.ibmcloud.com/vulnerabilities/53107

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 4

Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.

• https://www.exploit-db.com/exploits/10366
• https://www.exploit-db.com/exploits/12822
• http://packetstormsecurity.org/0912-exploits/joomlajobs-sql.txt
• http://www.exploit-db.com/exploits/10366
• http://www.securityfocus.com/bid/37281
• https://exchange.xforce.ibmcloud.com/vulnerabilities/54663

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 3

SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.

• https://www.exploit-db.com/exploits/10367
• http://osvdb.org/60864
• http://packetstormsecurity.org/0912-exploits/joomlajphoto-sql.txt
• http://secunia.com/advisories/37676
• http://www.exploit-db.com/exploits/10367
• http://www.securityfocus.com/bid/37279
• https://exchange.xforce.ibmcloud.com/vulnerabilities/54664

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 2% | CPEs: 2 | EXPL: 4

PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

• https://www.exploit-db.com/exploits/10369
• http://packetstormsecurity.org/0912-exploits/joomlamamboleto-rfi.txt
• http://www.exploit-db.com/exploits/10369
• http://www.securityfocus.com/bid/37280
• https://exchange.xforce.ibmcloud.com/vulnerabilities/54662

CWE-94: Improper Control of Generation of Code ('Code Injection')