CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2009-1499 – Joomla! Component MailTo - 'article' SQL Injection
https://notcve.org/view.php?id=CVE-2009-1499
01 May 2009 — SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor. Vulnerabilidad de inyección de SQL en el componente MailTo (alias com_mailto) en Joomla! permite a atacantes remotos ejecutar comandos SQL a través del parámetro artículo (article) en index.php. • https://www.exploit-db.com/exploits/8366 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2008-4103
https://notcve.org/view.php?id=CVE-2008-4103
18 Sep 2008 — The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam. El componente mailto (alias com_mailto) en Joomla! 1.5 y versiones anteriores 1.5.7 que envía un mensaje de e-mail sin validar la URL, el cual permite a los atacantes remotos enviar spam. • http://developer.joomla.org/security/news/273-20080903-core-commailto-spam.html • CWE-20: Improper Input Validation •