CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2009-2782 – Joomla! Component com_jfusion - 'itemID' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-2782
SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. Una vulnerabilidad de inyección de SQL en el componente JFusion (com_jfusion) de Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro Itemid en index.php. • https://www.exploit-db.com/exploits/9324 http://www.exploit-db.com/exploits/9324 http://www.securityfocus.com/bid/35912 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2008-6923 – Joomla! Component Content 1.0.0 - 'itemID' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6923
SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php. Vulnerabilidad de inyección SQL en el componente content (com_content) v1.0.0 de Joomla! permite a usuarios remotos ejecutar comandos SQL de su elección a través del parámetro Itemid en una acción blogcategory action de index.php. • https://www.exploit-db.com/exploits/6025 https://exchange.xforce.ibmcloud.com/vulnerabilities/52455 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6883 – Joomla! Component live chat - SQL Injection / Open Proxy
https://notcve.org/view.php?id=CVE-2008-6883
SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de inyección SQL en el componente para Joomla! Live Chat v1.0 (com_livechat), permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "last" a getChatRoom.php. • https://www.exploit-db.com/exploits/7441 http://secunia.com/advisories/33122 http://www.securityfocus.com/bid/32803 https://exchange.xforce.ibmcloud.com/vulnerabilities/47304 https://exchange.xforce.ibmcloud.com/vulnerabilities/52442 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6882 – Joomla! Component live chat - SQL Injection / Open Proxy
https://notcve.org/view.php?id=CVE-2008-6882
Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string. Componente Live Chat (com_livechat) v1.0 para Joomla! permite a los atacantes remotos usar la secuencia de comandos xmlhttp.php como un proxy HTTP abierto para esconder una actividad de escaner de la red o un escaner de redes internas a través de una petición GET con una URL completa en la pregunta. • https://www.exploit-db.com/exploits/7441 http://www.securityfocus.com/bid/32803 https://exchange.xforce.ibmcloud.com/vulnerabilities/47305 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2008-6881 – Joomla! Component live chat - SQL Injection / Open Proxy
https://notcve.org/view.php?id=CVE-2008-6881
Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php. Vulnerabilidad de inyección múltiple SQL en el componente Live Chat (com_livechat) para Joomla! permite a los atacantes remotos ejecutar arbitrariamente comandos SQL a través de los últimos parámetro para (1) getChat.php, (2) getChatRoom.php, y (3) getSavedChatRooms.php. • https://www.exploit-db.com/exploits/7441 http://secunia.com/advisories/33122 http://www.securityfocus.com/bid/32803 https://exchange.xforce.ibmcloud.com/vulnerabilities/47304 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •