VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Jul 21, 2014· Updated May 6, 2026

CVE-2014-4960

CVE-2014-4960

Description

Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.

Affected products

22
  • Joomlaboat/Com Youtubegallery22 versions
    cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.2:*:*:*:*:joomla\!:*:*+ 21 more
    • cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.2:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.3:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.4:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.5:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.0:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.2:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.3:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.4:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.5:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.6:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.7:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.8:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:3.9.9:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.0:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.1:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.2:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.8:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:4.0.9:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.0:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.1:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.6:*:*:*:*:joomla\!:*:*
    • cpe:2.3:a:joomlaboat:com_youtubegallery:4.1.7:*:*:*:*:joomla\!:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.