Summary
Detail | | | |
---|---|---|---|
Vendor | Joomla | First view | 2009-10-28 |
Product | Joomla! | Last view | 2010-07-12 |
Version | | Type | |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Activity : Overall
Common Platform Enumeration: Distribution per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:a:joomla:joomla%21:*:*:*:*:*:*:*:* | 9 |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
7.5 | 2010-07-12 | CVE-2010-2690 | SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php. |
7.5 | 2010-07-12 | CVE-2010-2681 | PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php. |
7.5 | 2010-05-19 | CVE-2010-1954 | Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. |
7.5 | 2010-05-19 | CVE-2010-1953 | Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. |
6.8 | 2010-05-19 | CVE-2010-1950 | SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the date_info parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
7.5 | 2010-05-19 | CVE-2010-1949 | SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information. |
7.5 | 2010-05-03 | CVE-2010-1653 | Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. |
7.5 | 2009-10-28 | CVE-2009-3822 | PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php. |
7.5 | 2009-10-28 | CVE-2009-3817 | PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
33% (3) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
33% (3) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
33% (3) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
66269 | Gamesbox Component for Joomla! index.php id Parameter SQL Injection |
66262 | SEF404x Component for Joomla! index.php mosConfig.absolute.path Parameter Rem... |
64102 | Graphics Component for Joomla! index.php controller Parameter Directory Trave... |
64005 | Online News Paper Manager Component for Joomla! index.php Multiple Parameter ... |
63976 | iNetLanka Multiple Map Component for Joomla! index.php controller Parameter D... |
63941 | iNetLanka Multiple Root Component for Joomla! index.php controller Parameter ... |
59377 | BookLibrary Component for Joomla! doc/releasenote.php mosConfig_absolute_path... |
59056 | AjaxChat Component for Joomla! components/com_ajaxchat/tests/ajcuser.php mosC... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-01-04 | Name: The remote web server contains a PHP application that is affected by multiple... File: joomla_components_controller_lfi.nasl - Type: ACT_ATTACK |