CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11891
https://notcve.org/view.php?id=CVE-2020-11891
21 Apr 2020 — An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups. Se descubrió un problema en Joomla! versiones anteriores a la versión 3.9.17. • https://developer.joomla.org/security-centre/809-20200401-core-incorrect-access-control-in-com-users-access-level-editing-function.html •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11889
https://notcve.org/view.php?id=CVE-2020-11889
21 Apr 2020 — An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups. Se descubrió un problema en Joomla! versiones anteriores a la versión 3.9.17. • https://developer.joomla.org/security-centre/811-20200403-core-incorrect-access-control-in-com-users-access-level-deletion-function •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-11890
https://notcve.org/view.php?id=CVE-2020-11890
21 Apr 2020 — An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration. Se descubrió un problema en Joomla! versiones anteriores a la versión 3.9.17. • https://github.com/HoangKien1020/CVE-2020-11890 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10243
https://notcve.org/view.php?id=CVE-2020-10243
16 Mar 2020 — An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype. Se detectó un problema en Joomla! versiones anteriores a 3.9.16. • https://developer.joomla.org/security-centre/807-20200306-core-sql-injection-in-featured-articles-menu-parameters • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10242
https://notcve.org/view.php?id=CVE-2020-10242
16 Mar 2020 — An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks. Se detectó un problema en Joomla! versiones anteriores a 3.9.16. • https://developer.joomla.org/security-centre/803-20200302-core-xss-in-protostar-and-beez3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10241
https://notcve.org/view.php?id=CVE-2020-10241
16 Mar 2020 — An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF. Se detectó un problema en Joomla! versiones anteriores a 3.9.16. • https://developer.joomla.org/security-centre/802-20200301-core-csrf-in-com-templates-image-actions • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10240
https://notcve.org/view.php?id=CVE-2020-10240
16 Mar 2020 — An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses. Se detectó un problema en Joomla! versiones anteriores a 3.9.16. • https://developer.joomla.org/security-centre/805-20200304-core-identifier-collisions-in-com-users • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2020-10239
https://notcve.org/view.php?id=CVE-2020-10239
16 Mar 2020 — An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users. Se detectó un problema en Joomla! versiones anteriores a 3.9.16. • https://github.com/HoangKien1020/CVE-2020-10239 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2020-10238
https://notcve.org/view.php?id=CVE-2020-10238
16 Mar 2020 — An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors. Se detectó un problema en Joomla! versiones anteriores a 3.9.16. • https://github.com/HoangKien1020/CVE-2020-10238 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2011-1151
https://notcve.org/view.php?id=CVE-2011-1151
05 Feb 2020 — Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters. Joomla! versión 1.6.0, es vulnerable a una inyección SQL por medio de los parámetros filter_order y filer_order_Dir. • https://packetstormsecurity.com/files/101835/Joomla-1.6.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •