CVE-2010-1312 – Joomla! Component News Portal 1.5.x - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1312
Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Una Vulnerabilidad del salto del directorio en el componente iJoomla News Portal (com_news_portal) versión 1.5.x para Joomla! permite a los atacantes remotos leer archivos arbitrarios por medio de un .. • https://www.exploit-db.com/exploits/12077 http://osvdb.org/63572 http://packetstormsecurity.org/1004-exploits/joomlanewportal-lfi.txt http://secunia.com/advisories/39289 http://www.exploit-db.com/exploits/12077 http://www.securityfocus.com/bid/39222 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2008-2676 – Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection
https://notcve.org/view.php?id=CVE-2008-2676
SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. Vulnerabilidad de inyección SQL en el componente iJoomla News Portal (com_news_portal) 1.0 y anteriores para Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro Itemid para index.php. • https://www.exploit-db.com/exploits/5761 https://exchange.xforce.ibmcloud.com/vulnerabilities/42936 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •