CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2009-4785 – Joomla! Component Quick News - SQL Injection
https://notcve.org/view.php?id=CVE-2009-4785
SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.php. Vulnerabilidad de inyección SQL en el componente Quick News (com_quicknews) para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "newsid" en una acción view_item al index.php. • https://www.exploit-db.com/exploits/10252 http://packetstormsecurity.org/0911-exploits/joomla-quicknews.txt http://www.securityfocus.com/bid/37161 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2009-4789 – Joomla! Component MojoBlog 0.15 - Multiple Remote File Inclusions
https://notcve.org/view.php?id=CVE-2009-4789
Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php. Múltiples vulnerabilidades de inclusión remota de archivo PHP en el componente MojoBlog RC v0.15 para Joomla!, permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro mosConfig_absolute_path a (1) wp-comments-post.php y (2) wp-trackback.php. • https://www.exploit-db.com/exploits/10273 http://packetstormsecurity.org/0912-exploits/joomlamojoblog-rfi.txt http://www.securityfocus.com/bid/37179 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2009-4784 – Joomla! Component Joaktree 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-4784
SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php. Vulnerabilidad de inyección SQL en el componente Joaktree (com_joaktree) v1.0 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "treeId" a index.php. • https://www.exploit-db.com/exploits/10272 http://packetstormsecurity.org/0912-exploits/joomlajoaktree-sql.txt http://secunia.com/advisories/37535 http://www.securityfocus.com/bid/37178 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 5CVE-2010-1468 – Joomla! Component Multi-Venue Restaurant Menu Manager 1.5.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-1468
SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter in a menu_display action to index.php. Vulnerabilidad de inyección SQL en el comoponente Multi-Venue Restaurant Menu Manager (también conocido como MVRMM o com_mv_restaurantmenumanager) v1.5.2 Stable Update 3 y anteriores para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "mid" en una acción menu_display sobre index.php. • https://www.exploit-db.com/exploits/12159 http://packetstormsecurity.org/1004-exploits/joomlamvrmm-sql.txt http://secunia.com/advisories/39217 http://www.exploit-db.com/exploits/12159 http://www.securityfocus.com/bid/39382 http://www.xenuser.org/documents/security/joomla_com_MVRMM_sql.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 5CVE-2010-1479 – Joomla! Component RokModule 1.1 - 'module' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2010-1479
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php. Vulnerabilidad de inyección SQL en el módulo RokModule (com_rokmodule) v1.1 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "moduleid" en una acción rae sobre index.php. • https://www.exploit-db.com/exploits/21221 https://www.exploit-db.com/exploits/12148 http://packetstormsecurity.org/1004-exploits/joomlarokmodule-bsql.txt http://secunia.com/advisories/39255 http://www.exploit-db.com/exploits/12148 http://www.rockettheme.com/extensions-downloads/free/rokmodule/1040-rokmodule-component/download http://www.rockettheme.com/extensions-updates/673-rokmodule-security-update-released http://www.securityfocus.com/bid/39378 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •