The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information.
Max CVSS
7.5
EPSS Score
0.09%
Published
2023-11-29
Updated
2023-12-05
An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.
Max CVSS
7.5
EPSS Score
0.09%
Published
2023-05-30
Updated
2023-06-06
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting a specifically crafted tar package could write files outside of the intended path.
Max CVSS
7.5
EPSS Score
0.20%
Published
2022-03-30
Updated
2022-04-05
An issue was discovered in Joomla! 2.5.0 through 3.9.27. The install action in com_installer lacks the required hardcoded ACL checks for superusers. A default system is not affected because the default ACL for com_installer is already limited to super users.
Max CVSS
7.5
EPSS Score
0.08%
Published
2021-07-07
Updated
2021-07-09
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table.
Max CVSS
7.5
EPSS Score
0.10%
Published
2021-07-07
Updated
2021-07-09
An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads.
Max CVSS
7.5
EPSS Score
0.08%
Published
2021-03-04
Updated
2021-03-05
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.
Max CVSS
7.5
EPSS Score
0.10%
Published
2021-03-04
Updated
2021-03-05
An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations.
Max CVSS
7.5
EPSS Score
0.08%
Published
2020-12-28
Updated
2020-12-30
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.
Max CVSS
7.5
EPSS Score
0.28%
Published
2020-12-28
Updated
2020-12-30
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The global configuration page does not remove secrets from the HTML output, disclosing the current values.
Max CVSS
7.5
EPSS Score
0.22%
Published
2020-12-28
Updated
2020-12-30
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.
Max CVSS
7.5
EPSS Score
0.22%
Published
2020-12-28
Updated
2020-12-30
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.
Max CVSS
7.5
EPSS Score
0.08%
Published
2020-06-02
Updated
2020-10-19
An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.
Max CVSS
7.5
EPSS Score
0.22%
Published
2020-03-16
Updated
2020-03-19
An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.
Max CVSS
7.5
EPSS Score
0.08%
Published
2019-04-10
Updated
2020-08-24
An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access.
Max CVSS
7.5
EPSS Score
0.27%
Published
2019-03-12
Updated
2020-08-24
An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution.
Max CVSS
7.2
EPSS Score
0.62%
Published
2018-10-09
Updated
2020-08-24
An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation.
Max CVSS
7.5
EPSS Score
1.27%
Published
2018-08-29
Updated
2019-10-03
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.
Max CVSS
7.5
EPSS Score
0.29%
Published
2018-05-22
Updated
2018-06-22
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
Max CVSS
7.5
EPSS Score
0.33%
Published
2017-07-17
Updated
2017-07-20
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task.
Max CVSS
7.5
EPSS Score
1.15%
Published
2016-12-16
Updated
2017-09-02
An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?option=com_content&view=article&id=1&template=beez3 request.
Max CVSS
7.5
EPSS Score
0.12%
Published
2016-12-16
Updated
2016-12-22
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.11%
Published
2016-01-12
Updated
2016-12-07
The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values.
Max CVSS
7.5
EPSS Score
1.82%
Published
2015-12-16
Updated
2015-12-17
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.
Max CVSS
7.5
EPSS Score
0.47%
Published
2015-12-16
Updated
2015-12-17
Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.
Max CVSS
7.5
EPSS Score
0.47%
Published
2015-12-16
Updated
2015-12-17
206 vulnerabilities found