CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 2CVE-2009-2290 – Joomla! Component Boy Scout Advancement 0.3 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2009-2290
SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php. Vulnerabilidad de inyección SQL en el componente Boy Scout Advancement (com_bsadv) v0.3 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "id" en (1) "account" o (2) "event task" al index.php. • https://www.exploit-db.com/exploits/8779 http://www.securityfocus.com/archive/1/503794/100/0/threaded http://www.securityfocus.com/bid/35087 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 3CVE-2009-2239 – Joomla! Component Casino 0.3.1 - Multiple SQL Injections s
https://notcve.org/view.php?id=CVE-2009-2239
SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. Vulnerabilidad de inyección SQL en los componentes (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack)y (3) casino_videopoker (com_casino_videopoker) v0.3.1 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "Itemid" para index.php. • https://www.exploit-db.com/exploits/8743 http://www.exploit-db.com/exploits/8743 http://www.securityfocus.com/bid/35041 https://exchange.xforce.ibmcloud.com/vulnerabilities/50645 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2009-2099 – Joomla! Component com_iJoomla_rss - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-2099
SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php. Vulnerabilidad de inyección SQL en el componente iJoomla RSS Feeder (com_ijoomla_rss) para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "cat" en una acción "xml" al index.php. • https://www.exploit-db.com/exploits/8959 http://osvdb.org/55113 http://secunia.com/advisories/35454 http://www.securityfocus.com/bid/35379 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 2CVE-2009-2100 – Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-2100
Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. Vulnerabilidad de salto de directorio en el componente JoomlaPraise Projectfork (com_projectfork) v2.0.10 para Joomla!, permite a atacantes remotos leer archivos de su elección a través de secuencias de salto de directorio en el parámetro "section" al index.php. • https://www.exploit-db.com/exploits/8946 http://osvdb.org/55176 http://www.securityfocus.com/bid/35378 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2009-2102 – Joomla! Component Jumi - 'fileid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-2102
SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and possibly other versions for Joomla allows remote attackers to execute arbitrary SQL commands via the fileid parameter to index.php. Vulnerabilidad de inyección SQL en el componente Jumi (com_jumi) v2.0.3 y posiblemente otras versiones, para Joomla, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "fileid" al index.php. • https://www.exploit-db.com/exploits/8968 http://osvdb.org/55112 http://secunia.com/advisories/35465 http://www.securityfocus.com/bid/35384 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •