CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 2CVE-2008-2990 – Joomla! Component FacileForms 1.4.4 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2008-2990
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter. Vulnerabilidad de inclusión de archivo remoto en PHP en facileforms.frame.php del componente FacileForms (com_facileforms) 1.4.4 para Mambo y Joomla! permite a atacantes remotos ejecutar código PHP de su elección mediante un URL en el parámetro ff_compath. • https://www.exploit-db.com/exploits/5915 http://securityreason.com/securityalert/3967 http://www.securityfocus.com/bid/29904 https://exchange.xforce.ibmcloud.com/vulnerabilities/43290 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2008-2676 – Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection
https://notcve.org/view.php?id=CVE-2008-2676
SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. Vulnerabilidad de inyección SQL en el componente iJoomla News Portal (com_news_portal) 1.0 y anteriores para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro Itemid para index.php. • https://www.exploit-db.com/exploits/5761 https://exchange.xforce.ibmcloud.com/vulnerabilities/42936 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2008-2628 – Joomla! Component equotes 0.9.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-2628
SQL injection vulnerability in the eQuotes (com_equotes) component 0.9.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. Vulnerabilidad de inyección SQL en el componente eQuotes (com_equotes) 0.9.4 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id de index.php. • https://www.exploit-db.com/exploits/5723 https://exchange.xforce.ibmcloud.com/vulnerabilities/42805 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2008-2632 – Joomla! Component acctexp 0.12.x - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-2632
SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php. Vulnerabilidad de inyección SQL en el componente acctexp (com_acctexp) 0.12.x y versiones anteriores para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro usage en una acción subscribe de index.php. • https://www.exploit-db.com/exploits/5721 https://exchange.xforce.ibmcloud.com/vulnerabilities/42794 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2008-2633 – Joomla! Component JoomRadio 1.0 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-2633
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php. Múltiples vulnerabilidades de inyección SQL en el componente EXP JoomRadio (com_joomradio) 1.0 para Joomla! permiten a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id en una acción (1) show_radio o (2) show_video de index.php. • https://www.exploit-db.com/exploits/5729 https://www.exploit-db.com/exploits/12400 http://packetstormsecurity.org/0806-exploits/joomlajoomradio-sql.txt http://secunia.com/advisories/30513 http://www.securityfocus.com/archive/1/501069/100/0/threaded http://www.securityfocus.com/bid/29504 https://exchange.xforce.ibmcloud.com/vulnerabilities/42814 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •