Page 4 of 206 results (0.014 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. • https://developer.joomla.org/security-centre/309-20100423-core-sessation-fixation.html https://www.acunetix.com/vulnerabilities/web/joomla-core-1-5-x-session-fixation-1-5-0-1-5-15 • CWE-384: Session Fixation •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. Joomla! • https://developer.joomla.org/security-centre/310-20100423-core-installer-migration-script.html https://www.acunetix.com/vulnerabilities/web/joomla-core-1-5-x-arbitrary-file-upload-1-5-0-1-5-15 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. • https://developer.joomla.org/security-centre/311-20100423-core-negative-values-for-limit-and-offset.html https://www.acunetix.com/vulnerabilities/web/joomla-core-1-5-x-information-disclosure-1-5-0-1-5-15 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo. Se detectó un problema en Joomla! versiones 3.0.0 hasta 3.9.26. • https://developer.joomla.org/security-centre/854-20210503-core-csrf-in-data-download-endpoints.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint. Se detectó un problema en Joomla! versiones 3.0.0 hasta 3.9.26. • https://developer.joomla.org/security-centre/853-20210502-core-csrf-in-ajax-reordering-endpoint.html • CWE-352: Cross-Site Request Forgery (CSRF) •