9 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2

SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter. Existe inyección SQL en el componente MediaLibrary Free 4.0.12 para Joomla! mediante el parámetro id o el parámetro mid array. Joomla! • https://www.exploit-db.com/exploits/44122 https://exploit-db.com/exploits/44122 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2

SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request. Existe inyección SQL en el componente Advertisement Board 3.1.0 para Joomla! mediante una petición task=show_rss_categoriescatname=. Joomla! • https://www.exploit-db.com/exploits/44105 https://exploit-db.com/exploits/44105 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and possibly earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. Vulnerabilidad de inyección SQL en el módulo BookLibrary From Same Author (com_booklibrary) 1.5, y posiblemente versiones anteriores, para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "id" en una acción view a index.php. • http://secunia.com/advisories/40130 http://secunia.com/secunia_research/2010-83 http://www.osvdb.org/65996 http://www.securityfocus.com/archive/1/512174/100/0/threaded http://www.securityfocus.com/bid/41350 http://www.vupen.com/english/advisories/2010/1707 https://exchange.xforce.ibmcloud.com/vulnerabilities/60107 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter in a (3) mdownload or (4) downitsf action to index.php, or (5) the searchtext parameter in a search action to index.php. Múltiples vulnerabilidades de inyección SQL en el componente BookLibrary Basic (com_booklibrary) v1.5.3 anterior a v1.5.3_2010_06_20 para Joomla! permiten a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro bid[] en una acción (1) lend_request o (2) save_lend_request en index.php; el parámetro id en una acción (3) mdownload o (4) downitsf en index.php; o (5) el parámetro searchtext en una acción search en index.php. • http://ordasoft.com/Download/Download-document/3-BookLibrary-1.5.3-Basic-for-Joomla-1.5.html http://ordasoft.com/Download/View-document-details/3-BookLibrary-1.5.3-Basic-for-Joomla-1.5.html http://osvdb.org/65879 http://secunia.com/advisories/40131 http://secunia.com/secunia_research/2010-84 http://www.securityfocus.com/archive/1/512094/100/0/threaded http://www.securityfocus.com/bid/41264 https://exchange.xforce.ibmcloud.com/vulnerabilities/59966 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 3

PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de inclusión remota de archivos PHP en doc/releasenote.php en el componente BookLibrary (com_booklibrary) v1.0 para Joomla! permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro mosConfig_absolute_path, un vector diferente que CVE-2009-2637. • https://www.exploit-db.com/exploits/9889 http://www.securityfocus.com/bid/36732 http://www.securityfocus.com/bid/36732/exploit http://www.vupen.com/english/advisories/2009/2969 • CWE-94: Improper Control of Generation of Code ('Code Injection') •