CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4CVE-2010-2847 – Joomla! Component ArtForms 2.1b7.2 rc2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2847
Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php. Múltiples vulnerabilidades de inyección SQL en el componente InterJoomla ArtForms (com_artforms) 2.1b7.2 RC2 para Joomla! permiten a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "viewform" en una acción (1) ferforms o (2) tferforms a index.php y el (3) parámetro "id" en una acción vferforms a index.php. • https://www.exploit-db.com/exploits/14263 http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt http://www.exploit-db.com/exploits/14263 http://www.securityfocus.com/archive/1/512215/100/0/threaded http://www.securityfocus.com/bid/41457 https://exchange.xforce.ibmcloud.com/vulnerabilities/60160 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2851
https://notcve.org/view.php?id=CVE-2010-2851
SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and possibly earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. Vulnerabilidad de inyección SQL en el módulo BookLibrary From Same Author (com_booklibrary) 1.5, y posiblemente versiones anteriores, para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "id" en una acción view a index.php. • http://secunia.com/advisories/40130 http://secunia.com/secunia_research/2010-83 http://www.osvdb.org/65996 http://www.securityfocus.com/archive/1/512174/100/0/threaded http://www.securityfocus.com/bid/41350 http://www.vupen.com/english/advisories/2010/1707 https://exchange.xforce.ibmcloud.com/vulnerabilities/60107 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4CVE-2010-2845 – Joomla! Component QuickFAQ 1.0.3 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-2845
SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1.0.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a category action to index.php. Vulnerabilidad de inyección SQL en el componente QuickFAQ (com_quickfaq) 1.0.3 para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "Itemid" en una acción category a index.php. • https://www.exploit-db.com/exploits/14296 http://packetstormsecurity.org/1007-exploits/joomlaquickfaq-sql.txt http://www.exploit-db.com/exploits/14296 http://www.securityfocus.com/bid/41508 https://exchange.xforce.ibmcloud.com/vulnerabilities/60236 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 4CVE-2010-2848 – Joomla! Component ArtForms 2.1b7.2 rc2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2848
Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. Vulnerabilidad de salto de directorio en assets/captcha/includes/alikon/playcode.php en el componente InterJoomla ArtForms (com_artforms) 2.1b7.2 RC2 para Joomla! permite a atacantes remotos leer ficheros de su elección mediante un .. • https://www.exploit-db.com/exploits/14263 http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt http://www.exploit-db.com/exploits/14263 http://www.securityfocus.com/archive/1/512215/100/0/threaded http://www.securityfocus.com/bid/41457 https://exchange.xforce.ibmcloud.com/vulnerabilities/60161 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 4CVE-2010-2846 – Joomla! Component ArtForms 2.1b7.2 rc2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-2846
Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente InterJoomla ArtForms (com_artforms) 2.1b7.2 RC2 para Joomla! permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "afmsg" a index.php. • https://www.exploit-db.com/exploits/14263 http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt http://www.exploit-db.com/exploits/14263 http://www.securityfocus.com/archive/1/512215/100/0/threaded http://www.securityfocus.com/bid/41457 https://exchange.xforce.ibmcloud.com/vulnerabilities/60162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •