CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23802 – Extension - Insecure Permissions within Joomla Guru extensions
https://notcve.org/view.php?id=CVE-2022-23802
06 May 2022 — Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users' information. Information disclosure Access to private information and components, possibility to view other users' information. Joomla Guru extension versión 5.2.5, está afectada por: Permisos no Seguros. • https://guru.ijoomla.com/changelog • CWE-276: Incorrect Default Permissions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-5696
https://notcve.org/view.php?id=CVE-2018-5696
14 Jan 2018 — The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php. El plugin iJoomla com_adagency 6.0.9 para Joomla! permite inyección SQL mediante los parámetros "advertiser_status" y "status_select" en index.php. • https://www.vulnerability-lab.com/get_content.php?id=1927 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 3CVE-2010-4918 – Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2010-4918
08 Oct 2011 — PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php. Vulnerabilidad de inclusión remota de archivo PHP en el componente iJoomla Magazine (com_magazine) v3.0.1 para Joomla!, permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro config de magazine.functions.php. • https://www.exploit-db.com/exploits/14896 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 4CVE-2010-1312 – Joomla! Component News Portal 1.5.x - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1312
08 Apr 2010 — Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Una Vulnerabilidad del salto del directorio en el componente iJoomla News Portal (com_news_portal) versión 1.5.x para Joomla! permite a los atacantes remotos leer archivos arbitrarios por medio de un .. • https://www.exploit-db.com/exploits/12077 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2009-2099 – Joomla! Component com_iJoomla_rss - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-2099
17 Jun 2009 — SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php. Vulnerabilidad de inyección SQL en el componente iJoomla RSS Feeder (com_ijoomla_rss) para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "cat" en una acción "xml" al index.php. • https://www.exploit-db.com/exploits/8959 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •