CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10241
https://notcve.org/view.php?id=CVE-2020-10241
16 Mar 2020 — An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF. Se detectó un problema en Joomla! versiones anteriores a 3.9.16. • https://developer.joomla.org/security-centre/802-20200301-core-csrf-in-com-templates-image-actions • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10240
https://notcve.org/view.php?id=CVE-2020-10240
16 Mar 2020 — An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses. Se detectó un problema en Joomla! versiones anteriores a 3.9.16. • https://developer.joomla.org/security-centre/805-20200304-core-identifier-collisions-in-com-users • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2020-10238
https://notcve.org/view.php?id=CVE-2020-10238
16 Mar 2020 — An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors. Se detectó un problema en Joomla! versiones anteriores a 3.9.16. • https://github.com/HoangKien1020/CVE-2020-10238 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2011-1151
https://notcve.org/view.php?id=CVE-2011-1151
05 Feb 2020 — Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters. Joomla! versión 1.6.0, es vulnerable a una inyección SQL por medio de los parámetros filter_order y filer_order_Dir. • https://packetstormsecurity.com/files/101835/Joomla-1.6.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4912
https://notcve.org/view.php?id=CVE-2011-4912
04 Feb 2020 — Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass. En com_mailto de Joomla! versiones 1.5.x hasta 1.5.13, presenta una omisión de tiempo de espera de correo automatizada. • https://developer.joomla.org/security/news/303-20090723-core-com-mailto-timeout-issue.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8419
https://notcve.org/view.php?id=CVE-2020-8419
28 Jan 2020 — An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities. Se detectó un problema en Joomla! versiones anteriores a 3.9.15. • https://developer.joomla.org/security-centre/798-20200101-core-csrf-in-batch-actions • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8420
https://notcve.org/view.php?id=CVE-2020-8420
28 Jan 2020 — An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability. Se detectó un problema en Joomla! versiones anteriores a 3.9.15. • https://developer.joomla.org/security-centre/799-20200102-core-csrf-com-templates-less-compiler • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4907
https://notcve.org/view.php?id=CVE-2011-4907
15 Jan 2020 — Joomla! 1.5x through 1.5.12: Missing JEXEC Check Joomla! versión versiones 1.5x hasta 1.5.12: una Falta de Comprobación de JEXEC. • https://developer.joomla.org/security/news/301-20090722-core-file-upload.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19846
https://notcve.org/view.php?id=CVE-2019-19846
18 Dec 2019 — In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors. En Joomla! versiones anteriores a la versión 3.9.14, la falta de comprobación de los parámetros de configuración utilizados en las consultas SQL causó varios vectores de inyección SQL. • https://developer.joomla.org/security-centre/797-20191202-core-various-sql-injections-through-configuration-parameters • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18650
https://notcve.org/view.php?id=CVE-2019-18650
06 Nov 2019 — An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability. Se descubrió un problema en Joomla! versiones anteriores a la versión 3.9.13. • https://developer.joomla.org/security-centre/794-20191001-core-csrf-in-com-template-overrides-view.html • CWE-352: Cross-Site Request Forgery (CSRF) •