Summary
| Detail | |||
|---|---|---|---|
| Vendor | Joomla | First view | 2009-10-28 |
| Product | Joomla! | Last view | 2010-07-12 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:a:joomla:joomla%21:*:*:*:*:*:*:*:* | 9 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2010-07-12 | CVE-2010-2690 | SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php. |
| 7.5 | 2010-07-12 | CVE-2010-2681 | PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php. |
| 7.5 | 2010-05-19 | CVE-2010-1954 | Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. |
| 7.5 | 2010-05-19 | CVE-2010-1953 | Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
| 6.8 | 2010-05-19 | CVE-2010-1950 | SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the date_info parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.5 | 2010-05-19 | CVE-2010-1949 | SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information. |
| 7.5 | 2010-05-03 | CVE-2010-1653 | Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. |
| 7.5 | 2009-10-28 | CVE-2009-3822 | PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php. |
| 7.5 | 2009-10-28 | CVE-2009-3817 | PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (3) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 33% (3) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 33% (3) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 66269 | Gamesbox Component for Joomla! index.php id Parameter SQL Injection |
| 66262 | SEF404x Component for Joomla! index.php mosConfig.absolute.path Parameter Rem... |
| 64102 | Graphics Component for Joomla! index.php controller Parameter Directory Trave... |
| 64005 | Online News Paper Manager Component for Joomla! index.php Multiple Parameter ... |
| 63976 | iNetLanka Multiple Map Component for Joomla! index.php controller Parameter D... |
| 63941 | iNetLanka Multiple Root Component for Joomla! index.php controller Parameter ... |
| 59377 | BookLibrary Component for Joomla! doc/releasenote.php mosConfig_absolute_path... |
| 59056 | AjaxChat Component for Joomla! components/com_ajaxchat/tests/ajcuser.php mosC... |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2010-01-04 | Name: The remote web server contains a PHP application that is affected by multiple... File: joomla_components_controller_lfi.nasl - Type: ACT_ATTACK |
