CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 3CVE-2018-5971 – Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-5971
17 Feb 2018 — SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter. Existe inyección SQL en el componente MediaLibrary Free 4.0.12 para Joomla! mediante el parámetro id o el parámetro mid array. Joomla! • https://packetstorm.news/files/id/146452 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2009-2634 – Joomla! Component com_media_library 1.5.3 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-2634
28 Jul 2009 — PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Vulnerabilidad de inclusión remota de fichero PHP en toolbar_ext.php en el MediaLibrary (com_media_library) v1.5.3 Basic para Joomla! permite a atacantes remotos ejecutar código PHP arbitrario a través de una URL en el parametro "mosConfig_absolute_path". • https://www.exploit-db.com/exploits/8912 • CWE-94: Improper Control of Generation of Code ('Code Injection') •