CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33925
https://notcve.org/view.php?id=CVE-2021-33925
SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escilated privledges via a crafted login. • https://github.com/nitinp1232/cms-corephp/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25751
https://notcve.org/view.php?id=CVE-2020-25751
The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter. El plugin paGO Commerce versión 2.5.9.0 para Joomla!, permite una inyección SQL por medio del parámetro filter_published de administrator/index.php? • https://geekwire.eu/2020/09/14/joomla-pago-commerce-2-5-9-0-sql-injection-authenticated https://www.exploit-db.com/exploits/48811 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2009-4598 – Joomla! Component com_jphoto - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2009-4598
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php. Vulnerabilidad de inyeccion SQL en el componente JPhoto (com_jphoto) v1.0 para Joomla! permite a atacantes remotos ejecutar comandos SQl arbitrarios a través del parámetro "id" en una acción "category" a index.php. • https://www.exploit-db.com/exploits/10367 http://osvdb.org/60864 http://packetstormsecurity.org/0912-exploits/joomlajphoto-sql.txt http://secunia.com/advisories/37676 http://www.exploit-db.com/exploits/10367 http://www.securityfocus.com/bid/37279 https://exchange.xforce.ibmcloud.com/vulnerabilities/54664 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •