Joomla

Joomla, also styled Joomla! and sometimes abbreviated as J!, is a free and open-source content management system (CMS) for publishing web content on websites. Web content applications include discussion forums, photo galleries, e-Commerce and user communities, and numerous other web-based applications. Joomla is developed by a community of volunteers supported with the legal, organisational and financial resources of Open Source Matters, Inc.

Founded: 2005
Products: 738
CVEs: 1,051
Across products: 509
Status: Private

Recent CVEs

  • CVE-2016-10033 | Critical | KEV | Dec 30, 2016
    risk 0.80 | cvss 9.8 | epss 1.00

    The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

  • CVE-2026-48907 | Critical | KEV | Jun 5, 2026
    risk 0.77 | cvss | epss 0.80

    A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

  • CVE-2017-8917 | Critical | May 17, 2017
    risk 0.75 | cvss 9.8 | epss 1.00

    SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2016-8869 | Critical | Nov 4, 2016
    risk 0.74 | cvss 9.8 | epss 0.97

    The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.

  • CVE-2018-17254 | Critical | Sep 20, 2018
    risk 0.73 | cvss 9.8 | epss 0.83

    The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.

  • CVE-2018-7314 | Critical | Feb 22, 2018
    risk 0.71 | cvss 9.8 | epss 0.60

    SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.

  • CVE-2018-6605 | Critical | Feb 5, 2018
    risk 0.71 | cvss 9.8 | epss 0.58

    SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.

  • CVE-2018-6580 | Critical | Feb 2, 2018
    risk 0.70 | cvss 9.8 | epss 0.37

    Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request.

  • CVE-2018-6396 | Critical | Feb 17, 2018
    risk 0.69 | cvss 9.8 | epss 0.24

    SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.

  • CVE-2018-7313 | Critical | Feb 22, 2018
    risk 0.68 | cvss 9.8 | epss 0.20

    SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.

  • CVE-2016-10045 | Critical | Dec 30, 2016
    risk 0.68 | cvss 9.8 | epss 0.98

    The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail…

  • CVE-2018-17397 | Critical | Sep 28, 2018
    risk 0.67 | cvss 9.8 | epss 0.03

    SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter.

  • CVE-2018-17394 | Critical | Sep 28, 2018
    risk 0.67 | cvss 9.8 | epss 0.03

    SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter.

  • CVE-2018-17385 | Critical | Sep 28, 2018
    risk 0.67 | cvss 9.8 | epss 0.03

    SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter.

  • CVE-2018-17384 | Critical | Sep 28, 2018
    risk 0.67 | cvss 9.8 | epss 0.03

    SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter.

  • CVE-2018-17383 | Critical | Sep 28, 2018
    risk 0.67 | cvss 9.8 | epss 0.03

    SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter.

  • CVE-2018-17380 | Critical | Sep 28, 2018
    risk 0.67 | cvss 9.8 | epss 0.03

    SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter.

  • CVE-2018-17379 | Critical | Sep 28, 2018
    risk 0.67 | cvss 9.8 | epss 0.03

    SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter.

  • CVE-2018-17377 | Critical | Sep 28, 2018
    risk 0.67 | cvss 9.8 | epss 0.03

    SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter.

  • CVE-2018-17376 | Critical | Sep 28, 2018
    risk 0.67 | cvss 9.8 | epss 0.03

    SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter.