CVE-2009-3417 – Joomla! Component idoblog 1.1b30 (com_idoblog) - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3417
SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627. • https://www.exploit-db.com/exploits/9413 http://secunia.com/advisories/36243 http://www.exploit-db.com/exploits/9413 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-3368 – Joomla! Component Hotel Booking System - Cross-Site Scripting / SQL Injection
https://notcve.org/view.php?id=CVE-2009-3368
Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php. • https://www.exploit-db.com/exploits/9648 http://e-rdc.org/v1/news.php?readmore=142 http://secunia.com/advisories/33215 http://www.exploit-db.com/exploits/9648 http://www.securityfocus.com/archive/1/506444/100/0/threaded http://www.securityfocus.com/bid/36380 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3342 – Joomla! Component AlphaUserPoints - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3342
SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter. • https://www.exploit-db.com/exploits/9654 http://www.securityfocus.com/bid/36383 http://www.vupen.com/english/advisories/2009/2659 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-3357 – Joomla! Component Hotel Booking System - Cross-Site Scripting / SQL Injection
https://notcve.org/view.php?id=CVE-2009-3357
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875. • https://www.exploit-db.com/exploits/9648 http://e-rdc.org/v1/news.php?readmore=142 http://secunia.com/advisories/33215 http://www.exploit-db.com/exploits/9648 http://www.securityfocus.com/archive/1/506444/100/0/threaded http://www.securityfocus.com/bid/36380 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-3335 – Joomla! Component Turtushout 0.11 - 'Name' SQL Injection
https://notcve.org/view.php?id=CVE-2009-3335
SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field. • https://www.exploit-db.com/exploits/9653 http://www.exploit-db.com/exploits/9653 https://exchange.xforce.ibmcloud.com/vulnerabilities/53209 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')