Joomla

All CVEs

1,051 total · sorted by risk
  • CVE-2020-10239 · Mar 16, 2020
    risk 0.01 · cvss · epss 0.03

    An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.

  • CVE-2020-10238 · Mar 16, 2020
    risk 0.01 · cvss · epss 0.06

    An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.

  • CVE-2019-16675 · Oct 31, 2019
    risk 0.01 · cvss · epss 0.03

    An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original…

  • CVE-2007-4187 · Aug 8, 2007
    risk 0.01 · cvss · epss 0.11

    Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1)…

  • CVE-2007-0373 · Jan 19, 2007
    risk 0.01 · cvss · epss 0.12

    Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter…

  • CVE-2019-25762 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=com_jpprojects&view=projects&tmpl=c…

  • CVE-2019-25761 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the deal_id parameter. Attackers can send GET requests to index.php with…

  • CVE-2019-25760 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send GET requests to index.php with the option parameter set to com_easyshop, task…

  • CVE-2019-25759 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with…

  • CVE-2019-25758 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.01

    Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profile_pic parameter. Attackers can upload PHP files via POST requests to the employee…

  • CVE-2019-25757 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid parameters. Attackers can send POST requests to the component with crafted SQL…

  • CVE-2019-25756 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with…

  • CVE-2019-25755 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. Attackers can send POST requests to the editReview task endpoint with…

  • CVE-2019-25754 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla Component vRestaurant 1.9.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keysearch parameter. Attackers can send POST requests to the menu-listing-layout endpoint…

  • CVE-2019-25753 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter. Attackers can send GET requests to index.php with the…

  • CVE-2019-25752 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type parameter. Attackers can send GET requests to index.php with the…

  • CVE-2019-25751 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the categorySearch,…

  • CVE-2019-25750 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotel_id parameter. Attackers can send POST requests to the search-hotels…

  • CVE-2019-25748 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter. Attackers can send POST requests to the search-hotels endpoint with crafted SQL…

  • CVE-2017-20282 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the product_id parameter. Attackers can send GET requests to index.php with the…

  • CVE-2017-20281 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename parameter. Attackers can send GET requests to index.php with the option=com_extrasearch…

  • CVE-2017-20280 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the…

  • CVE-2017-20279 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the make_payment task to…

  • CVE-2017-20278 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. Attackers can send GET requests to the all-recipes endpoint with malicious SQL…

  • CVE-2017-20277 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL…

  • CVE-2017-20276 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the type parameter. Attackers can send GET requests to index.php with the option=com_simgenealogy,…

  • CVE-2017-20274 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cp_id parameter. Attackers can send GET requests to index.php with the option=com_lmsking,…

  • CVE-2017-20273 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla Event Registration Pro Calendar 4.1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with…

  • CVE-2017-20272 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the sf_selectuser_id parameter. Attackers can send GET requests to index.php with the…

  • CVE-2017-20271 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the…

  • CVE-2017-20270 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component Twitch Tv 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username and id parameters. Attackers can send GET requests to index.php with…

  • CVE-2017-20269 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and…

  • CVE-2017-20268 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with…

  • CVE-2017-20267 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the category_id parameter. Attackers can send GET requests to the events view with malicious SQL code in the category_id…

  • CVE-2017-20265 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component Flip Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the…

  • CVE-2017-20264 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the…

  • CVE-2017-20263 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with…

  • CVE-2017-20262 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component Ajax Quiz 1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cid parameter. Attackers can send GET requests to index.php with the option=com_ajaxquiz and…

  • CVE-2017-20261 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter. Attackers can supply crafted SQL statements in GET requests to…

  • CVE-2017-20260 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter. Attackers can send requests to the subscribeajax view with crafted SQL…

  • CVE-2017-20258 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with…

  • CVE-2017-20257 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flag_question task. Attackers can inject malicious SQL code via the stu_quiz_id or flag_quest parameters to…

  • CVE-2017-20256 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the invite parameter. Attackers can send GET requests to the component with crafted SQL payloads in…

  • CVE-2017-20255 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=com_bookpro and…

  • CVE-2017-20254 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component User Bench 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the userid parameter. Attackers can send GET requests to index.php with the…

  • CVE-2017-20253 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla! Component My Projects 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the VerAyari parameter. Attackers can craft requests to the component endpoint with SQL injection…

  • CVE-2017-20252 · Jun 19, 2026
    risk 0.00 · cvss · epss 0.00

    Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the plname parameter. Attackers can send GET requests to index.php with option=com_nge&view=config and inject malicious SQL code in…

  • CVE-2026-21625 · Jan 16, 2026
    risk 0.00 · cvss · epss 0.00

    User-provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are checked purely by file extension; no MIME type checks are performed.

  • CVE-2026-21624 · Jan 16, 2026
    risk 0.00 · cvss · epss 0.00

    Lack of input filtering leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla.

  • CVE-2026-21623 · Jan 16, 2026
    risk 0.00 · cvss · epss 0.00

    Lack of input filtering leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla.
