CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 2CVE-2007-4781 – Joomla! 1.5 Beta1/Beta2/RC1 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-4781
administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter. administrator/index.php en el componente installer (com_installer) en Joomla! 1.5 Beta1, Beta2, y RC1 permite a administradores remotos validados actualizar archivos de su elección en tmp/ a través de la funcionalidad "Upload Package File" , la cual es accesible cuando com_installer es el valor del parámetro option. • https://www.exploit-db.com/exploits/4350 http://osvdb.org/45888 http://www.securityfocus.com/bid/25508 https://exchange.xforce.ibmcloud.com/vulnerabilities/36424 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2007-4777
https://notcve.org/view.php?id=CVE-2007-4777
SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778. Una vulnerabilidad de inyección SQL en Joomla! versión 1.5 anterior a RC2 (también se conoce como Endeleo), permite a atacantes remotos ejecutar comandos SQL arbitrarios por medio de vectores de ataque no especificados, probablemente relacionados con la sección de archivado. • http://osvdb.org/39070 http://osvdb.org/39071 http://osvdb.org/39072 http://securityreason.com/securityalert/3108 http://www.joomla.org/content/view/3831/1 http://www.securityfocus.com/archive/1/478451/100/0/threaded http://www.securityfocus.com/bid/25508 https://exchange.xforce.ibmcloud.com/vulnerabilities/36423 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2007-4780
https://notcve.org/view.php?id=CVE-2007-4780
Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories. Joomla! 1.5 anterior a RC2 (también conocido como Endeleo) permite a atacantes remotos obtener información sensible (la ruta completa) a través de vectores no especificados, probablemente afectando a las respuestas de directorio en ciertas secuencias de comandos PHP en los directorios tmpl/. • http://osvdb.org/45875 http://securityreason.com/securityalert/3108 http://www.joomla.org/content/view/3831/1 http://www.securityfocus.com/archive/1/478451/100/0/threaded http://www.securityfocus.com/bid/25508 https://exchange.xforce.ibmcloud.com/vulnerabilities/36426 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4184
https://notcve.org/view.php?id=CVE-2007-4184
SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter. Vulnerabilidad de inyección SQL en administrator/popups/pollwindows.php de Jopomla! 1.0.12 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro pollid. • http://www.securityfocus.com/archive/1/475066/100/0/threaded http://www.securityfocus.com/archive/1/480738/100/0/threaded http://www.securityfocus.com/archive/1/480757/100/0/threaded http://www.securityfocus.com/archive/1/480809/100/0/threaded •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4185
https://notcve.org/view.php?id=CVE-2007-4185
Joomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified components, which reveal the path in various error messages. Joomla! 1.0.12 permite a atacantes remotos obtener información sensible mediante una petición directa a (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, y (6) TemplateCache.php en includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; y otros componentes no especificados, lo cual revela la ruta en varios mensajes de error. • http://osvdb.org/39037 http://osvdb.org/39038 http://osvdb.org/39039 http://osvdb.org/39040 http://osvdb.org/39041 http://osvdb.org/39042 http://osvdb.org/39043 http://www.securityfocus.com/archive/1/475066/100/0/threaded http://www.securityfocus.com/archive/1/480738/100/0/threaded http://www.securityfocus.com/archive/1/480757/100/0/threaded http://www.securityfocus.com/archive/1/480809/100/0/threaded •