CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2CVE-2008-5790 – Joomla! Component Recly!Competitions 1.0.0 - Multiple Remote File Inclusions
https://notcve.org/view.php?id=CVE-2008-5790
Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php. Múltiples vulnerabilidades de inclusión remota de fichero PHP en el componente Recly!Competitions v1.0 (com_competitions) para Joomla! • https://www.exploit-db.com/exploits/7039 http://www.securityfocus.com/bid/32192 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2008-5494 – Joomla! Component Contact Info 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-5494
SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. Vulnerabilidad de inyección SQL en el componente Contact Information Module (com_contactinfo) permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro "catid" para index.php. • https://www.exploit-db.com/exploits/7093 http://securityreason.com/securityalert/4712 http://www.securityfocus.com/bid/32260 http://www.vupen.com/english/advisories/2008/3122 https://exchange.xforce.ibmcloud.com/vulnerabilities/46563 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2008-5226 – Mambo Component mambads 1.0 RC1 Beta - SQL Injection
https://notcve.org/view.php?id=CVE-2008-5226
SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177. Vulnerabilidad de inyección SQL en el componente MambAds (com_mambads) v1.0 RC1 Beta y v1.0 RC1 para Mambo; permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro ma_cata en una acción "view" (ver) en index.php. Se trata de una vulnerabilidad diferente de CVE-2007-5177. • https://www.exploit-db.com/exploits/5692 http://securityreason.com/securityalert/4630 http://www.securityfocus.com/bid/29433 https://exchange.xforce.ibmcloud.com/vulnerabilities/42747 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 15%CPEs: 2EXPL: 3CVE-2008-5053 – Joomla! Component Simple RSS Reader 1.0 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2008-5053
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. Vulnerabilidad de inclusión de archivo PHP remoto en admin.rssreader.php en el componente Simple RSS Reader (com_rssreader) 1.0 para Joomla! permite a atacantes remotos ejecutar código PHP de su elección mediante un URL en el parámetro mosConfig_live_site. • https://www.exploit-db.com/exploits/7096 http://osvdb.org/49859 http://securityreason.com/securityalert/4584 http://www.exploit-db.com/exploits/7096 http://www.securityfocus.com/bid/32265 http://www.vupen.com/english/advisories/2008/3119 https://exchange.xforce.ibmcloud.com/vulnerabilities/46559 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2008-4617 – Joomla! Component actualite 1.0 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4617
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en el módulo actualite v1.0 de Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro id. • https://www.exploit-db.com/exploits/5337 http://securityreason.com/securityalert/4437 http://www.securityfocus.com/bid/28565 https://exchange.xforce.ibmcloud.com/vulnerabilities/41579 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •