CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2009-4784 – Joomla! Component Joaktree 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-4784
SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php. Vulnerabilidad de inyección SQL en el componente Joaktree (com_joaktree) v1.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "treeId" a index.php. • https://www.exploit-db.com/exploits/10272 http://packetstormsecurity.org/0912-exploits/joomlajoaktree-sql.txt http://secunia.com/advisories/37535 http://www.securityfocus.com/bid/37178 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2009-4785 – Joomla! Component Quick News - SQL Injection
https://notcve.org/view.php?id=CVE-2009-4785
SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.php. Vulnerabilidad de inyección SQL en el componente Quick News (com_quicknews) para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "newsid" en una acción view_item al index.php. • https://www.exploit-db.com/exploits/10252 http://packetstormsecurity.org/0911-exploits/joomla-quicknews.txt http://www.securityfocus.com/bid/37161 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2009-4789 – Joomla! Component MojoBlog 0.15 - Multiple Remote File Inclusions
https://notcve.org/view.php?id=CVE-2009-4789
Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php. Múltiples vulnerabilidades de inclusión remota de archivo PHP en el componente MojoBlog RC v0.15 para Joomla!, permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro mosConfig_absolute_path a (1) wp-comments-post.php y (2) wp-trackback.php. • https://www.exploit-db.com/exploits/10273 http://packetstormsecurity.org/0912-exploits/joomlamojoblog-rfi.txt http://www.securityfocus.com/bid/37179 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 5CVE-2010-1468 – Joomla! Component Multi-Venue Restaurant Menu Manager 1.5.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-1468
SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter in a menu_display action to index.php. Vulnerabilidad de inyección SQL en el comoponente Multi-Venue Restaurant Menu Manager (también conocido como MVRMM o com_mv_restaurantmenumanager) v1.5.2 Stable Update 3 y anteriores para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "mid" en una acción menu_display sobre index.php. • https://www.exploit-db.com/exploits/12159 http://packetstormsecurity.org/1004-exploits/joomlamvrmm-sql.txt http://secunia.com/advisories/39217 http://www.exploit-db.com/exploits/12159 http://www.securityfocus.com/bid/39382 http://www.xenuser.org/documents/security/joomla_com_MVRMM_sql.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 4CVE-2010-1477 – Joomla! Component SermonSpeaker - SQL Injection
https://notcve.org/view.php?id=CVE-2010-1477
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a latest_sermons action to index.php. Vulnerabilidad de inyección SQL en el componente SermonSpeaker (com_sermonspeaker) anteriores a v3.2.1 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro. • https://www.exploit-db.com/exploits/12184 http://joomlacode.org/gf/project/sermon_speaker/forum/?action=ForumBrowse&forum_id=7897&_forum_action=ForumMessageBrowse&thread_id=15219 http://joomlacode.org/gf/project/sermon_speaker/news/?action=NewsThreadView&id=2549 http://packetstormsecurity.org/1004-exploits/joomlasermonspeaker-sql.txt http://secunia.com/advisories/39385 http://www.exploit-db.com/exploits/12184 http://www.securityfocus.com/bid/39410 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •