CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2CVE-2012-4256
https://notcve.org/view.php?id=CVE-2012-4256
The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message. El componente jNews (com_jnews) v7.5.1 para Joomla! permite a atacantes remotos obtener información sensible mediante el parámetro emailsearch, lo cual revela la ruta de instalación en un mensaje de error. • http://hauntit.blogspot.com/2012/04/en-jnews-jnewscore751-information.html http://packetstormsecurity.org/files/112233/jNews-7.5.1-Information-Disclosure.html https://exchange.xforce.ibmcloud.com/vulnerabilities/75198 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2008-1427 – Joomla! Component Acajoom 1.1.5 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-1427
SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php. Vulnerabilidad de inyección SQL en el componente Joobi Acajoom (com_acajoom) versiones 1.1.5 y 1.2.5 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección utilizando el parámetro mailingid en una acción mailing view en index.php. • https://www.exploit-db.com/exploits/5273 http://secunia.com/advisories/29429 http://www.securityfocus.com/bid/28305 https://exchange.xforce.ibmcloud.com/vulnerabilities/41290 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •