CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 3CVE-2009-4099 – Joomla! Component com_gcalendar 1.1.2 - 'gcid' SQL Injection
https://notcve.org/view.php?id=CVE-2009-4099
SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en el componente Google Calendar GCalendar v1.1.2, 2.1.4 y posiblemente versiones anteriores para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "gcid". • https://www.exploit-db.com/exploits/10232 http://osvdb.org/60517 http://packetstormsecurity.org/0911-exploits/joomlagcalendar-sql.txt http://secunia.com/advisories/37476 http://www.securityfocus.com/bid/37134 http://www.securityfocus.com/bid/37141 https://exchange.xforce.ibmcloud.com/vulnerabilities/54450 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2009-4104 – Joomla! Component com_lyftenbloggie 1.04 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-4104
SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php. Vulnerabilidad de inyección SQL en el componente Lyften Designs LyftenBloggie (com_lyftenbloggie) v1.0.4 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro author en index.php. • https://www.exploit-db.com/exploits/10238 http://osvdb.org/60518 http://secunia.com/advisories/37499 http://securityreason.com/exploitalert/7480 http://www.securityfocus.com/bid/37140 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 3CVE-2009-4094 – Joomla! / Mambo Component D4J eZine 2.1 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-4094
PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path parameter. Vulnerabilidad de inclusión remota de archivo PHP en class/php/d4m_ajax_pagenav.php en el componente D4J eZine (com_ezine) v2.1 para Joomla! permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro GLOBALS[mosConfig_absolute_path. • https://www.exploit-db.com/exploits/10178 http://www.kamtiez.org/2009/11/joomla-mambo-component-comezine-remote.html http://www.securityfocus.com/bid/37043 https://exchange.xforce.ibmcloud.com/vulnerabilities/54307 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 3CVE-2009-4059 – Joomla! Component Com_Joomclip - 'cat' SQL Injection
https://notcve.org/view.php?id=CVE-2009-4059
SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php. Vulnerabilidad de inyección SQL en el componente JoomClip (com_joomclip) de Joomla! permite a usuarios remotos ejecutar comandos SQL de su elección a través de el parámetro cat en una acción de "thumbs" de index.php. • https://www.exploit-db.com/exploits/10192 http://osvdb.org/60195 http://packetstormsecurity.org/0911-exploits/joomlajoomclip-sql.txt http://secunia.com/advisories/37400 http://www.securityfocus.com/bid/37049 https://exchange.xforce.ibmcloud.com/vulnerabilities/54323 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2009-4057 – Joomla! Extension iF Portfolio Nexus - SQL Injection
https://notcve.org/view.php?id=CVE-2009-4057
SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action to index.php. Una vulnerabilidad de inyección SQL en el componente de Joomla! inertialFATE iF Portfolio Nexus (com_if_nexus) 1.1 permite a atacantes remotos ejecutar comandos SQL a través del parámetro id en una acción de elemento a index.php. • https://www.exploit-db.com/exploits/10177 http://osvdb.org/60308 http://secunia.com/advisories/37408 http://www.packetstormsecurity.org/0911-exploits/joomlanexus-sql.txt http://www.securityfocus.com/bid/37050 https://exchange.xforce.ibmcloud.com/vulnerabilities/54325 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •