CVE-2020-8419
https://notcve.org/view.php?id=CVE-2020-8419
An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities. • https://developer.joomla.org/security-centre/798-20200101-core-csrf-in-batch-actions • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-8421
https://notcve.org/view.php?id=CVE-2020-8421
An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs. • https://developer.joomla.org/security-centre/800-20200103-core-xss-in-com-actionlogs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-8420
https://notcve.org/view.php?id=CVE-2020-8420
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability. • https://developer.joomla.org/security-centre/799-20200102-core-csrf-com-templates-less-compiler • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2011-4907
https://notcve.org/view.php?id=CVE-2011-4907
Joomla! 1.5x through 1.5.12: Missing JEXEC Check • https://developer.joomla.org/security/news/301-20090722-core-file-upload.html https://www.openwall.com/lists/oss-security/2011/12/25/7 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2019-19846
https://notcve.org/view.php?id=CVE-2019-19846
In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors. • https://developer.joomla.org/security-centre/797-20191202-core-various-sql-injections-through-configuration-parameters • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')