CVE-2008-5051 – Joomla! Component JooBlog 0.1.1 - 'PostID' SQL Injection
https://notcve.org/view.php?id=CVE-2008-5051
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.
• https://www.exploit-db.com/exploits/7078
• https://www.exploit-db.com/exploits/5734
• http://securityreason.com/securityalert/4581
• http://www.securityfocus.com/archive/1/498234/100/0/threaded
• http://www.securityfocus.com/bid/32236
• http://www.vupen.com/english/advisories/2008/3094
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2008-4777 – Joomla! / Mambo Component Showroom Joomlearn LMS - 'cat' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4777
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
• https://www.exploit-db.com/exploits/31595
• http://archives.neohapsis.com/archives/bugtraq/2008-04/0031.html
• http://www.securityfocus.com/archive/1/490410/100/0/threaded
• http://www.securityfocus.com/bid/28586
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41614
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2008-4764 – Joomla! Component com_extplorer 2.0.0 RC2 - Local Directory Traversal
https://notcve.org/view.php?id=CVE-2008-4764
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
• https://www.exploit-db.com/exploits/5435
• http://www.securityfocus.com/bid/28764
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41873
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2008-4668 – Joomla! Component imagebrowser 0.1.5 rc2 - Directory Traversal
https://notcve.org/view.php?id=CVE-2008-4668
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
• https://www.exploit-db.com/exploits/6618
• http://securityreason.com/securityalert/4464
• http://www.securityfocus.com/bid/31458
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45490
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2008-4623 – Joomla! Component ds-syndicate - 'feed_id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4623
SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.
• https://www.exploit-db.com/exploits/6792
• http://secunia.com/advisories/32321
• http://securityreason.com/securityalert/4453
• http://www.securityfocus.com/bid/31819
• http://www.vupen.com/english/advisories/2008/2859
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45979
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')