CVE-2009-3316 – Joomla! Component com_jreservation 1.5 - 'pid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-3316
SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.
• References: https://www.exploit-db.com/exploits/9713 http://osvdb.org/58176 http://secunia.com/advisories/36774 http://www.exploit-db.com/exploits/9713 http://www.securityfocus.com/bid/36446 https://exchange.xforce.ibmcloud.com/vulnerabilities/53327
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-3325 – Joomla! Component com_surveymanager 1.5.0 - 'stype' SQL Injection
https://notcve.org/view.php?id=CVE-2009-3325
SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php.
• References: https://www.exploit-db.com/exploits/9721 http://www.exploit-db.com/exploits/9721 http://www.securityfocus.com/bid/36464 http://www.vupen.com/english/advisories/2009/2705
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-3318 – Joomla! Component com_album 1.14 - Directory Traversal
https://notcve.org/view.php?id=CVE-2009-3318
Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
• References: https://www.exploit-db.com/exploits/9706 http://www.exploit-db.com/exploits/9706 http://www.securityfocus.com/bid/36441
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2009-3332 – Joomla! Component com_jbudgetsmagic 0.3.2 < 0.4.0 - 'bid' SQL Injection
https://notcve.org/view.php?id=CVE-2009-3332
SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php.
• References: https://www.exploit-db.com/exploits/9723 http://www.exploit-db.com/exploits/9723 http://www.securityfocus.com/bid/36461
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-3334 – Joomla! Component com_jinc 0.2 - 'newsid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-3334
SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.
• References: https://www.exploit-db.com/exploits/9732 http://www.exploit-db.com/exploits/9732 http://www.securityfocus.com/bid/36471
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')