CVSS: 7.5EPSS: 81%CPEs: 14EXPL: 2CVE-2015-7858 – Joomla! 3.4.4 Component Content History - SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-7858
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. Vulnerabilidad de inyección SQL en Joomla! 3.2 en versiones anteriores a 3.4.4 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-7297. • https://www.exploit-db.com/exploits/38797 http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html http://packetstormsecurity.com/files/134097/Joomla-3.44-SQL-Injection.html http://packetstormsecurity.com/files/134494/Joomla-Content-History-SQL-Injection-Remote-Code-Execution.html http://www.rapid7.com/db/modules/exploit/unix/webapp/joomla_contenthistory_sqli_rce http://www.securityfocus.com/bid/77295 http://www.securitytracker.com/id/1033950 https://www.trustwave.com/Resources& • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 1CVE-2015-6939 – Joomla! CMS 3.4.3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-6939
Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el módulo de inicio de sesión en Joomla! 3.4.x en versiones anteriores a 3.4.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados . Joomla! • http://developer.joomla.org/security-centre/626-20150908-core-xss-vulnerability.html http://packetstormsecurity.com/files/133907/Joomla-CMS-3.4.3-Cross-Site-Scripting.html http://www.securitytracker.com/id/1033541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 22EXPL: 0CVE-2015-5397
https://notcve.org/view.php?id=CVE-2015-5397
Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors. Vulnerabilidad de falsificación de petición de sitios cruzados (CSRF) en Joomla! 3.2.0 a través de 3.3x y 3.4x antes de 3.4.2 que permite a atacantes secuestrar la autenticación de víctimas no especificadas para enviar peticiones que descargan código a través de vectores desconocidos. • http://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html http://www.securityfocus.com/bid/76495 http://www.securitytracker.com/id/1032796 • CWE-352: Cross-Site Request Forgery (CSRF) •