CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 3CVE-2009-3053 – Joomla! Component Agora 3.0.0b (com_agora) - Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-3053
Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php. Vulnerabilidad de salto de directorio en el componente Agora (com_agora) v3.0.0b para Joomla! permite a atacantes remotos incluir y ejecutar ficheros locales de su elección a través de secuencias de salto de directorio en el parámetro action en la página avatars, al que se puede acceder a través de index.php. • https://www.exploit-db.com/exploits/9564 http://www.exploit-db.com/exploits/9564 http://www.securityfocus.com/bid/36207 https://exchange.xforce.ibmcloud.com/vulnerabilities/52964 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2009-3054 – Joomla! Component com_artportal 1.0 - 'portalid' SQL Injection
https://notcve.org/view.php?id=CVE-2009-3054
SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php. Vulnerabilidad de inyección SQL en el componente Artetics.com Art Portal (com_artportal) v1.0 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro portalid en index.php. • https://www.exploit-db.com/exploits/9563 http://www.exploit-db.com/exploits/9563 http://www.securityfocus.com/bid/36206 https://exchange.xforce.ibmcloud.com/vulnerabilities/52962 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2009-3063 – Joomla! Component com_gameserver 1.0 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2009-3063
SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php. Vulnerabilidad de inyección SQL el componente Game Server(com_gameserver) v1.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "gamepanel" en una acción a index.php. • https://www.exploit-db.com/exploits/9571 http://www.exploit-db.com/exploits/9571 http://www.securityfocus.com/bid/36213 http://www.vupen.com/english/advisories/2009/2523 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2008-7033 – Galore Simple Shop 3.1 - 'section' SQL Injection
https://notcve.org/view.php?id=CVE-2008-7033
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect. Vulnerabilidad de inyección SQL en el componente Simple Shop Galore (com_simpleshop) de Joomla! permite a usuarios remotos ejecutar comandos SQL de su elección a través del parámetro "section" en una acción "section" en index.php. • https://www.exploit-db.com/exploits/31296 http://www.osvdb.org/52094 http://www.securityfocus.com/archive/1/488692 http://www.securityfocus.com/bid/27977 https://exchange.xforce.ibmcloud.com/vulnerabilities/40802 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2009-2789
https://notcve.org/view.php?id=CVE-2009-2789
SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de inyección SQL en el componente Permis (com_groups) v1.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id en una lista de acciones sobre index.php. • http://www.securityfocus.com/bid/35849 https://exchange.xforce.ibmcloud.com/vulnerabilities/52142 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •