CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2008-5671
https://notcve.org/view.php?id=CVE-2008-5671
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en index.php en Joomla! de v1.0.11 hasta v1.0.14 cuando RG_EMULATION esta activado en configuration.php, permite a atacantes remotos ejecutar código PHP a su elección a través de una URL en el parámetro "mosConfig_absolute_path". • http://secunia.com/advisories/29106 http://securityreason.com/securityalert/4787 http://www.joomla.org/announcements/release-news/4609-joomla-1015-released.html http://www.securityfocus.com/archive/1/488126/100/200/threaded http://www.securityfocus.com/archive/1/488199/100/200/threaded http://www.securityfocus.com/bid/27795 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2008-2564 – Joomla! Component Jotloader 1.2.1.a - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-2564
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. Vulnerabilidad de injección SQL en el componente JotLoader (com_jotloader) 1.2.1.a y anteriores de Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cid en index.php. • https://www.exploit-db.com/exploits/5737 http://secunia.com/advisories/30541 http://www.securityfocus.com/bid/29554 https://exchange.xforce.ibmcloud.com/vulnerabilities/42840 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 2CVE-2008-2568 – Joomla! Component Simple Shop Galore 3.x - 'catid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-2568
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php. Vulnerabilidad de inyección SQL en el componente Simple Shop Galore (com_simpleshop) 3.4 y anteriores de Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetrothe catid en una acción browse a index.php. • https://www.exploit-db.com/exploits/5833 https://www.exploit-db.com/exploits/5743 http://secunia.com/advisories/30461 http://www.securityfocus.com/bid/29565 https://exchange.xforce.ibmcloud.com/vulnerabilities/42871 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2008-1935 – Joomla! Component Filiale 1.0.4 - 'idFiliale' SQL Injection
https://notcve.org/view.php?id=CVE-2008-1935
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter. Vulnerabilidad de inyección SQL en el componente Filiale para Joomla, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro idFiliale. • https://www.exploit-db.com/exploits/5488 http://www.securityfocus.com/bid/28900 http://www.vupen.com/english/advisories/2008/1346/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41980 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1890
https://notcve.org/view.php?id=CVE-2008-1890
SQL injection vulnerability in the Jom Comment 2.0 build 345 component for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de inyección SQL en el componente Jom Comment 2.0 build 345 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a mediante vectores no especificados. • http://secunia.com/advisories/29820 http://www.securityfocus.com/bid/28812 https://exchange.xforce.ibmcloud.com/vulnerabilities/41866 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •