CVE-2015-8562

Public exploit
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
Max CVSS
7.5
EPSS Score
97.31%
Published
2015-12-16
Updated
2018-10-09

CVE-2015-7858

Public exploit
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.
Max CVSS
7.5
EPSS Score
84.85%
Published
2015-10-29
Updated
2017-09-13

CVE-2015-7857

Public exploit
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.
Max CVSS
7.5
EPSS Score
84.85%
Published
2015-10-29
Updated
2017-09-13

CVE-2015-7297

Public exploit
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.
Max CVSS
7.5
EPSS Score
97.56%
Published
2015-10-29
Updated
2017-09-13

CVE-2014-7228

Public exploit
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive.
Max CVSS
7.5
EPSS Score
95.17%
Published
2014-11-03
Updated
2016-05-09
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information.
Max CVSS
7.5
EPSS Score
0.09%
Published
2023-11-29
Updated
2023-12-05
An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.
Max CVSS
7.5
EPSS Score
0.09%
Published
2023-05-30
Updated
2023-06-06
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting a specifically crafted tar package could write files outside of the intended path.
Max CVSS
7.5
EPSS Score
0.20%
Published
2022-03-30
Updated
2022-04-05
An issue was discovered in Joomla! 2.5.0 through 3.9.27. The install action in com_installer lacks the required hardcoded ACL checks for superusers. A default system is not affected because the default ACL for com_installer is already limited to super users.
Max CVSS
7.5
EPSS Score
0.08%
Published
2021-07-07
Updated
2021-07-09
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table.
Max CVSS
7.5
EPSS Score
0.10%
Published
2021-07-07
Updated
2021-07-09
An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads.
Max CVSS
7.5
EPSS Score
0.08%
Published
2021-03-04
Updated
2021-03-05
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.
Max CVSS
7.5
EPSS Score
0.10%
Published
2021-03-04
Updated
2021-03-05
An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations.
Max CVSS
7.5
EPSS Score
0.08%
Published
2020-12-28
Updated
2020-12-30
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.
Max CVSS
7.5
EPSS Score
0.28%
Published
2020-12-28
Updated
2020-12-30
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The global configuration page does not remove secrets from the HTML output, disclosing the current values.
Max CVSS
7.5
EPSS Score
0.22%
Published
2020-12-28
Updated
2020-12-30
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.
Max CVSS
7.5
EPSS Score
0.22%
Published
2020-12-28
Updated
2020-12-30
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.
Max CVSS
7.5
EPSS Score
0.08%
Published
2020-06-02
Updated
2020-10-19
An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.
Max CVSS
7.5
EPSS Score
0.22%
Published
2020-03-16
Updated
2020-03-19
An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.
Max CVSS
7.5
EPSS Score
0.08%
Published
2019-04-10
Updated
2020-08-24
An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access.
Max CVSS
7.5
EPSS Score
0.27%
Published
2019-03-12
Updated
2020-08-24
An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution.
Max CVSS
7.2
EPSS Score
0.62%
Published
2018-10-09
Updated
2020-08-24
An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation.
Max CVSS
7.5
EPSS Score
1.27%
Published
2018-08-29
Updated
2019-10-03
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.
Max CVSS
7.5
EPSS Score
0.29%
Published
2018-05-22
Updated
2018-06-22
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
Max CVSS
7.5
EPSS Score
0.33%
Published
2017-07-17
Updated
2017-07-20
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task.
Max CVSS
7.5
EPSS Score
1.15%
Published
2016-12-16
Updated
2017-09-02
206 vulnerabilities found