CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2010-5042 – Joomla! Component DJ-ArtGallery 0.9.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-5042
02 Nov 2011 — Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el componente DJ-ArtGallery (com_djartgallery) de 0.9.1 for Joomla!. Permite a usuarios remotos inyectar codigo de script web ... • https://www.exploit-db.com/exploits/13737 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 3CVE-2010-5043 – Joomla! Component DJ-ArtGallery 0.9.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-5043
02 Nov 2011 — SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php. Una vulnerabilidad de inyección SQL en el componente DJ-artgallery (com_djartgallery) v0.9.1 para Joomla! permite a usuarios remotos autenticados ejecutar comandos SQL de su elección a través del parámetro cid[] en una acción EditItem a administrator/index.php. • https://www.exploit-db.com/exploits/13737 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2009-3661 – Joomla! Component com_djcatalog - SQL Injection / Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-3661
11 Oct 2009 — Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php. Múltiples vulnerabilidades de inyección SQL en el componente de Joomla! "DJ-catalog" (com_djcatalog) permiten a atacantes remotos ejecutar comandos SQL a través de (1) el parámetro "id" en una acción de showItem y (2) el parámetro cid en una acción show a index... • https://www.exploit-db.com/exploits/9693 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •