CVE-2009-4619
https://notcve.org/view.php?id=CVE-2009-4619
SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information.
• http://www.exploit-db.com/exploits/9614 http://www.securityfocus.com/bid/36334 https://exchange.xforce.ibmcloud.com/vulnerabilities/53117
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-4628 – Joomla! Component TPDugg 1.1 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-4628
SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.
• https://www.exploit-db.com/exploits/9602 http://evilc0de.blogspot.com/2009/09/tpdugg-joomla-component-11-blind-sql.html http://osvdb.org/57894 http://secunia.com/advisories/36656 http://www.exploit-db.com/exploits/9602 http://www.securityfocus.com/bid/36321 http://www.templateplazza.com/extensions-updates/tpdugg-component-update-v-1.1.1.html http://www.vupen.com/english/advisories/2009/2610 https://exchange.xforce.ibmcloud.com/vulnerabilities/53108
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-4604 – Joomla! Component Mamboleto 2.0 RC3 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-4604
PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
• https://www.exploit-db.com/exploits/10369 http://packetstormsecurity.org/0912-exploits/joomlamamboleto-rfi.txt http://www.exploit-db.com/exploits/10369 http://www.securityfocus.com/bid/37280 https://exchange.xforce.ibmcloud.com/vulnerabilities/54662
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2009-4599 – Joomla! Component com_jsjobs 1.0.5.6 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-4599
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.
• https://www.exploit-db.com/exploits/10366 https://www.exploit-db.com/exploits/12822 http://packetstormsecurity.org/0912-exploits/joomlajobs-sql.txt http://www.exploit-db.com/exploits/10366 http://www.securityfocus.com/bid/37281 https://exchange.xforce.ibmcloud.com/vulnerabilities/54663
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-4598 – Joomla! Component com_jphoto - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2009-4598
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.
• https://www.exploit-db.com/exploits/10367 http://osvdb.org/60864 http://packetstormsecurity.org/0912-exploits/joomlajphoto-sql.txt http://secunia.com/advisories/37676 http://www.exploit-db.com/exploits/10367 http://www.securityfocus.com/bid/37279 https://exchange.xforce.ibmcloud.com/vulnerabilities/54664
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')