CVE-2008-6653 – Joomla! Component Webhosting - 'catid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-6653
SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. Vulnerabilidad de inyección SQL en webhosting.php en el modulo Webhosting (com_webhosting) anteriores a v1.1 RC7 para Joomla! y Mambo permite a atacantes remotos ejecutar comando SQL de forma arbitraria a través del parámetro "catid" a index.php. • https://www.exploit-db.com/exploits/5527 http://forum.wh-com.de/index.php?topic=497.0 http://osvdb.org/50423 http://www.securityfocus.com/bid/29000 https://exchange.xforce.ibmcloud.com/vulnerabilities/42124 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-6481 – Joomla! Component versioning 1.0.2 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-6481
SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php. Vulnerabilidad de inyección SQL en el componente Versioning (com_versioning) v1.0.2 en Joomla! y Mambo permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "id" en una tarea de edición en index.php. • https://www.exploit-db.com/exploits/5989 http://www.securityfocus.com/bid/30050 https://exchange.xforce.ibmcloud.com/vulnerabilities/43526 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2009-0726 – Joomla! Component gigCalendar 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-0726
SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php. Vulnerabilidad de inyección SQL en el componente GigCalendar (com_gigcal) v1.0 para Mambo y Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro gigcal_gigs_id en una acción details en index.php. • https://www.exploit-db.com/exploits/7746 http://www.securityfocus.com/bid/33241 https://exchange.xforce.ibmcloud.com/vulnerabilities/47919 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2009-0730 – Joomla! / Mambo Component gigCalendar 1.0 - 'banddetails.php' SQL Injection
https://notcve.org/view.php?id=CVE-2009-0730
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726. Múltiples vulnerabilidades de inyección SQL en el componente GigCalendar (com_gigcal) v1.0 para Mambo y Joomla!, cuando magic_quotes_gpc está deshabilitado, permite a atacantes remotos ejecutar comandos SQL de su elección a través de (1) el parámetro gigcal _venues_id en una acción details para index.php, que no es manejada adecuadamente por venuedetails.php y (2) el parámetro gigcal_bands_id parameter en una acción details para index.php, que no es manejada adecuadamente por banddetails.php. Se trata de vectores diferentes de CVE-2009-0726. • https://www.exploit-db.com/exploits/32807 https://www.exploit-db.com/exploits/7815 http://www.securityfocus.com/archive/1/501174/100/0/threaded http://www.securityfocus.com/archive/1/501175/100/0/threaded http://www.securityfocus.com/archive/1/501176/100/0/threaded http://www.securityfocus.com/bid/33859 http://www.securityfocus.com/bid/33863 https://exchange.xforce.ibmcloud.com/vulnerabilities/48865 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2009-0706
https://notcve.org/view.php?id=CVE-2009-0706
SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php. Vulnerabilidad de inyección SQL en el componente Simple Review (com_simple_review) v1.3.5 para Joomla! y Mambo permite a atacantes remotos ejecutar comandos SQL de su elección, a través del parámetro "category" en index.php. • http://packetstormsecurity.org/0901-exploits/joomlasimplereview-sql.txt http://www.securityfocus.com/bid/33102 https://exchange.xforce.ibmcloud.com/vulnerabilities/47726 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •