
CVE-2011-5148 – Joomla! Component Module Simple File Upload 1.3 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2011-5148
31 Aug 2012 — Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012. • https://www.exploit-db.com/exploits/18287 •

CVE-2011-5113 – Joomla! Component Techfolio 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2011-5113
23 Aug 2012 — SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. • https://www.exploit-db.com/exploits/18042 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2011-4823 – Joomla! Component Vik Real Estate 1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4823
15 Dec 2011 — Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php. • https://www.exploit-db.com/exploits/18048 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2010-5028 – Joomla! Component JE Job 1.0 - 'catid' SQL Injection
https://notcve.org/view.php?id=CVE-2010-5028
02 Nov 2011 — SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. • https://www.exploit-db.com/exploits/12782 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2010-4968 – Joomla! Component com_wmtpic 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4968
01 Nov 2011 — SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. • https://www.exploit-db.com/exploits/14128 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2010-4977 – Joomla! Component Canteen 1.0 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-4977
01 Nov 2011 — SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php. • https://www.exploit-db.com/exploits/34250 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2010-4937 – Joomla! Component Amblog 1.0 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2010-4937
09 Oct 2011 — Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php. • https://www.exploit-db.com/exploits/14596 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2010-4949 – Joomla! Component FreiChat 1.0/2.x - HTML Injection
https://notcve.org/view.php?id=CVE-2010-4949
09 Oct 2011 — Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window. • https://www.exploit-db.com/exploits/34374 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2010-4862 – Joomla! Component JE Directory 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4862
05 Oct 2011 — SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. • https://www.exploit-db.com/exploits/15163 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2010-4865 – Joomla! Component JE Guestbook 1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4865
05 Oct 2011 — SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php. • https://www.exploit-db.com/exploits/15157 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •