3 results (0.001 seconds)

CVSS: 7.5 | EPSS: 1% | CPEs: 6 | EXPL: 4

Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute local files of their choice via a ..

References:
https://www.exploit-db.com/exploits/10946
http://osvdb.org/61438
http://packetstormsecurity.org/1001-exploits/joomlabfsurvey-lfi.txt
http://secunia.com/advisories/37866
http://www.exploit-db.com/exploits/10946
http://www.securityfocus.com/bid/37584
http://www.tamlyncreative.com.au/software/forum/index.php?topic=641.0

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 | EPSS: 0% | CPEs: 6 | EXPL: 4

SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE: some of these details are obtained from third party information. SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before v1.3.1, the BF Survey Pro Free (com_bfsurvey_profree) component v1.2.6, and the BF Survey Basic component before v1.2 for Joomla! allows remote attackers to execute SQL commands via the catid parameter to index.php.

References:
https://www.exploit-db.com/exploits/10944
http://osvdb.org/61456
http://packetstormsecurity.org/1001-exploits/joomlabfsurveypro-sql.txt
http://secunia.com/advisories/37868
http://www.securityfocus.com/bid/37585
http://www.tamlyncreative.com.au/software/forum/index.php?topic=641.0

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 2

SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an updateOnePage action to index.php. SQL injection vulnerability in the updateOnePage function of components/com_bfsurvey_pro/controller.php in the Joomla! component BF Survey Pro Free (com_bfsurvey_profree) v1.2.4, and other versions before v1.2.6. Allows remote users to execute SQL commands of their choice via the "table" parameter of an updateOnePage action to index.php.

References:
https://www.exploit-db.com/exploits/9601
http://osvdb.org/57883
http://secunia.com/advisories/36657
http://www.exploit-db.com/exploits/9601
http://www.tamlyncreative.com.au/software/forum/index.php?topic=357.msg1334#msg1334
http://www.vupen.com/english/advisories/2009/2609
https://exchange.xforce.ibmcloud.com/vulnerabilities/53107

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')