
CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 3

SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php. • https://www.exploit-db.com/exploits/9030 http://www.exploit-db.com/exploits/9030 http://www.securityfocus.com/bid/35517 http://www.vupen.com/english/advisories/2009/1733 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 3

SQL injection vulnerability in the BookFlip (com_bookflip) component 2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter to index.php. • https://www.exploit-db.com/exploits/9040 http://secunia.com/advisories/35608 http://www.exploit-db.com/exploits/9040 http://www.securityfocus.com/bid/35519 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 2

SQL injection vulnerability in the PHP (com_php) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. • https://www.exploit-db.com/exploits/9028 http://www.exploit-db.com/exploits/9028 http://www.securityfocus.com/bid/35515 http://www.vupen.com/english/advisories/2009/1732 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 2

SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. • https://www.exploit-db.com/exploits/7572 http://www.securityfocus.com/bid/33008 https://exchange.xforce.ibmcloud.com/vulnerabilities/47604 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 2% • CPEs: 3 • EXPL: 2

PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php. • https://www.exploit-db.com/exploits/6003 http://www.securityfocus.com/bid/30093 https://exchange.xforce.ibmcloud.com/vulnerabilities/43615 • CWE-94: Improper Control of Generation of Code ('Code Injection')