CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2009-1848 – Joomla! Component AgoraGroup 0.3.5.3 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-1848
SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php. Vulnerabilidad de inyección SQL en el componente JoomlaMe AgoraGroups (también conocido como AG o com_agoragroup) v0.3.5.3 para Joomla!, permite a usuarios remotos ejecutar comandos SQL de su elección a través del parámetro id en una acción groupdetail sobre index.php. • https://www.exploit-db.com/exploits/8814 http://www.securityfocus.com/bid/35118 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2CVE-2009-1822 – Joomla! Component ArtForms 2.1 b7 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-1822
Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) imgcaptcha.php or (2) mp3captcha.php in assets/captcha/includes/captchaform/, or (3) assets/captcha/includes/captchatalk/swfmovie.php. Múltiples vulnerabilidades de inclusión remota de fichero PHP en el componente InterJoomla ArtForms (com_artforms) v2.1b7 para Joomla! permite a atacantes remotos ejecutar código PHP de su elección a través de el parámetro mosConfig_absolute_path en imgcaptcha.php o (2) mp3captcha.php en assets/captcha/includes/captchaform/, o (3) assets/captcha/includes/captchatalk/swfmovie.php. • https://www.exploit-db.com/exploits/8697 http://www.securityfocus.com/bid/34986 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2009-1736 – Joomla! Component com_gsticketsystem - 'catid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-1736
SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php. Vulnerabilidad de inyección SQL en el componente GridSupport (GS) Ticket System (com_gsticketsystem) para Joomla! que permite a los atacantes remotos ejecutar arbitrariamente comandos SQL a través del parámetro catid en la acción viewCategory para index.php • https://www.exploit-db.com/exploits/8731 http://www.securityfocus.com/bid/35025 https://exchange.xforce.ibmcloud.com/vulnerabilities/50624 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2009-1499 – Joomla! Component MailTo - 'article' SQL Injection
https://notcve.org/view.php?id=CVE-2009-1499
SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor. Vulnerabilidad de inyección de SQL en el componente MailTo (alias com_mailto) en Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro artículo (article) en index.php. • https://www.exploit-db.com/exploits/8366 http://www.securityfocus.com/bid/34433 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 2CVE-2009-1496 – Joomla! Component Cmimarketplace - 'viewit' Directory Traversal
https://notcve.org/view.php?id=CVE-2009-1496
Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. Vulnerabilidad de salto de directorio en el componente Cmi Marketplace (com_cmimarketplace) v0.1 para Joomla! permite a atacantes remotos listar directorios a su elección a través de un .. • https://www.exploit-db.com/exploits/8367 http://www.securityfocus.com/bid/34431 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •