CVE-2009-0381 – Joomla! Component Com BazaarBuilder Shopping Cart 5.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-0381
SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping Cart (com_prod) 5.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a products action to index.php.
• https://www.exploit-db.com/exploits/7840 http://secunia.com/advisories/33612 http://www.securityfocus.com/bid/33380 https://exchange.xforce.ibmcloud.com/vulnerabilities/48141
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-0377 – Joomla! Component beamospetition 1.0.12 - SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-0377
SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132.
• https://www.exploit-db.com/exploits/7847 http://www.securityfocus.com/archive/1/500250/100/0/threaded http://www.securityfocus.com/bid/33391
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-0379 – Joomla! Component com_pcchess - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-0379
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761.
• https://www.exploit-db.com/exploits/7846 http://www.securityfocus.com/bid/33394 https://exchange.xforce.ibmcloud.com/vulnerabilities/48144
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-0378 – Joomla! Component beamospetition 1.0.12 - SQL Injection / Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-0378
Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action.
• https://www.exploit-db.com/exploits/7847 http://www.securityfocus.com/archive/1/500250/100/0/threaded http://www.securityfocus.com/bid/33391
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-0373 – Joomla! Component ElearningForce Flash Magazine Deluxe - SQL Injection
https://notcve.org/view.php?id=CVE-2009-0373
SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php.
• https://www.exploit-db.com/exploits/7881 http://secunia.com/advisories/33646 http://www.securityfocus.com/bid/33455 http://www.vupen.com/english/advisories/2009/0249 https://exchange.xforce.ibmcloud.com/vulnerabilities/48226
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')