CVSS: 7.5EPSS: 79%CPEs: 1EXPL: 0CVE-2019-9922
https://notcve.org/view.php?id=CVE-2019-9922
29 Mar 2019 — An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files. Se ha descubierto un fallo en el componente "Harmis JE Messenger" para Joomla! en su versión 1.2.2. Un salto de directorio permite el acceso de lectura en archivos arbitrarios. • https://extensions.joomla.org/extension/je-messenger • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9921
https://notcve.org/view.php?id=CVE-2019-9921
29 Mar 2019 — An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user. Se ha descubierto un fallo en el componente "Harmis JE Messenger" para Joomla! en su versión 1.2.2. Es posible leer información que solamente debería ser accesible a un usuario diferente. • https://extensions.joomla.org/extension/je-messenger • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9920
https://notcve.org/view.php?id=CVE-2019-9920
29 Mar 2019 — An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user. Se ha descubierto un fallo en el componente "Harmis JE Messenger" para Joomla! en su versión 1.2.2. Es posible realizar una acción dentro del contexto de la cuenta de otro usuario. • https://extensions.joomla.org/extension/je-messenger •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9919
https://notcve.org/view.php?id=CVE-2019-9919
29 Mar 2019 — An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS. Se ha descubierto un fallo en el componente "Harmis JE Messenger" para Joomla! en su versión 1.2.2. Es posible manipular los mensajes de modo que el código JavaScript se ejecute en el lado del usuario receptor cuando dicho mensaje se abra. • https://extensions.joomla.org/extension/je-messenger • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9918
https://notcve.org/view.php?id=CVE-2019-9918
29 Mar 2019 — An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database. Se ha descubierto un fallo en el componente "Harmis JE Messenger" para Joomla! en su versión 1.2.2. • https://extensions.joomla.org/extension/je-messenger • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2018-12254 – Joomla! Component Ek Rishta 2.10 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-12254
12 Jun 2018 — router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI. router.php en el componente Harmis Ek rishta (también conocido como ek-rishta) 2.10 para Joomla! permite la inyección SQL mediante PATH_INFO a un URI home/requested_user/Sent%20interest/. Joomla Ek Rishta component version 2.10 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/148189 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 3CVE-2018-7315 – Joomla! Component Ek Rishta 2.9 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-7315
22 Feb 2018 — SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter. Existe inyección SQL en el componente Ek Rishta 3.0.2 para Joomla! mediante los parámetros gender, age1, age2, religion, mothertounge, caste o country. Joomla! • https://packetstorm.news/files/id/146548 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5230
https://notcve.org/view.php?id=CVE-2012-5230
01 Oct 2012 — Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors. Vulnerabilidad no especificada en el componente JE Story Submit (com_jesubmit) anteriores a v1.9 para Joomla! tiene vectores de ataque e impacto desconocidos. • http://joomlaextensions.co.in/product/JE-Story-Submit •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2010-5022 – Joomla! Component jesubmit 1.4 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-5022
02 Nov 2011 — SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. Vulnerabilidad de inyección SQL en el comonente JExtensions JE Story Submit (com_jesubmit) v1.4 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "view " sobre index.php. • https://www.exploit-db.com/exploits/14054 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 17%CPEs: 2EXPL: 4CVE-2010-5028 – Joomla! Component JE Job 1.0 - 'catid' SQL Injection
https://notcve.org/view.php?id=CVE-2010-5028
02 Nov 2011 — SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. Vulnerabilidad de inyección SQL en el componente JExtensions JE Job (com_jejob) v1.0 para Joomla! que permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "catid" en una acción de "item" para index.php. • https://www.exploit-db.com/exploits/12782 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •