CVE-2009-1499 – Joomla! Component MailTo - 'article' SQL Injection
https://notcve.org/view.php?id=CVE-2009-1499
SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor. Vulnerabilidad de inyección de SQL en el componente MailTo (alias com_mailto) en Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro artículo (article) en index.php. • https://www.exploit-db.com/exploits/8366 http://www.securityfocus.com/bid/34433 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-4103
https://notcve.org/view.php?id=CVE-2008-4103
The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam. El componente mailto (alias com_mailto) en Joomla! 1.5 y versiones anteriores 1.5.7 que envía un mensaje de e-mail sin validar la URL, el cual permite a los atacantes remotos enviar spam. • http://developer.joomla.org/security/news/273-20080903-core-commailto-spam.html http://marc.info/?l=oss-security&m=122115344915232&w=2 http://marc.info/?l=oss-security&m=122118210029084&w=2 http://marc.info/?l=oss-security&m=122152798516853&w=2 http://secunia.com/advisories/31789 http://securityreason.com/securityalert/4275 https://exchange.xforce.ibmcloud.com/vulnerabilities/45070 • CWE-20: Improper Input Validation •