Joomla 漏洞列表

Joomla 3.4.4 之前的 3.2 SQL 注入漏洞 Joomla 中的 SQL 注入漏洞！3.4.4 之前的 3.2 允许远程攻击者通过未指定的向量执行任意 SQL 命令。

Joomla中存在未授权访问漏洞，由于对Web服务端点的访问限制不当，远程攻击者可以绕过安全限制获得Web应用程序敏感信息。 影响版本4.0.0 <= Joomla <= 4.2.7

A local file inclusion vulnerability in the Jvehicles (com_jvehicles) component version 1.0 for Joomla! allows remote attackers to load arbitrary files via the controller parameter in index.php.

Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.

Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.

Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.

Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.

Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.

Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.

Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion).

Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.

Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.

Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.

Joomla! Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.

Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.

A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.

A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.

A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.

Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.

A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.

A directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.

A directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.

A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.

A directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.

A directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and have possibly other unspecified impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php.

A directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.

A directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.

A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.

A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.

A directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in joomlaflickr.php in the Joomla! Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.

A drectory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.

A directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.

A directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php.

A directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.

A directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the cid parameter to album.html.

A PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

A directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.

A directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.

A directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.

A directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.

A directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly unspecified other impacts via a .. (dot dot) in the task parameter to index.php.

A SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.

A SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.

A directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.

A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.

Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.

A SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands.

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015

Joomla! before 3.7.1 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.

Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the download_file parameter.

SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.

SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.

Joomla! Harmis Messenger 1.2.2 is vulnerable to local file inclusion which could give an attacker read access to arbitrary files.

Joomla! Component GMapFP 3.5 is vulnerable to arbitrary file upload vulnerabilities. An attacker can access the upload function of the application without authentication and can upload files because of unrestricted file upload which can be bypassed by changing Content-Type & name file too double ext.

Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unauthenticated path traversal attacks. This enables an attacker to read arbitrary files, for example the Joomla! configuration file which contains credentials.

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jp_yearbuilt leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Joomla!是Joomla!开源的一个自由、开放源代码的内容管理系统。 Joomla!存在授权问题漏洞，该漏洞源于状态检查不足，导致绕过双因素认证检查。

JoomlaUX JUX Real Estate是JoomlaUX公司的一款 Joomla 组件，旨在满足多种房地产相关需求。 JoomlaUX JUX Real Estate 3.4.0版本存在代码注入漏洞，该漏洞源于跨站脚本攻击，可能导致远程攻击。

Joomla!是一套使用PHP和MySQL开发的开源、跨平台的内容管理系统(CMS)。&nbsp;Joomla! configuration.php文件存在RCE漏洞。攻击者可利用漏洞写入一句话木马，获得服务器权限。

Joomla存在跨站脚本漏洞，此漏洞是由于administrator/index.php对用户的请求验证不当导致的。

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin FG Joomla 4.20.2 版本及之前版本存在日志信息泄露漏洞，该漏洞源于存在信息泄露问题。

Joomla!是美国Open Source Matters团队的一套使用PHP和MySQL开发的开源、跨平台的内容管理系统(CMS)。Harmis JEMessenger component是使用在其中的一款个人消息管理组件，它支持收、发邮件和在线消息。 Joomla! Harmis JEMessenger组件1.2.2版本中存在路径遍历漏洞，该漏洞源于网络系统或产品未能正确地过滤资源或文件路径中的特殊元素。攻击者可利用该漏洞访问受限目录之外的位置。

Joomla是一款流行的开源CMS(Content Management System，内容管理系统)。如果管理员使用了默认或者过于简单的口令，则可能存在弱口令漏洞，未经授权的用户或攻击者可能因此获得整个系统的访问和控制权限。

Joomla Rest API存在未授权访问漏洞，此漏洞由于对用户请求处理不当导致的。

Joomla Rest API存在未授权访问漏洞，此漏洞由于对用户请求处理不当导致的。

Jvehicles 是Joomla! 的一款后台管理插件。Joomla! 的 Jvehicles (com_jvehicles)组件存在本地文件包含漏洞，允许远程攻击者通过 index.php 中的控制器参数加载任意文件

Joomla是一个免费开源的内容管理系统(CMS)，用于发布 Web 内容。攻击者可通过未授权访问漏洞控制整个系统，最终导致系统处于极度不安全状态。

Joomla!是一套全球知名的内容管理系统。 Joomla!是使用PHP语言加上MySQL数据库所开发的软件系统.Joomla存在未授权访问漏洞，攻击者通过覆盖 public 值绕过限制，访问部分API获取敏感数据

Joomla系统com_payplans组件group_id参数存在SQL注入漏洞，可能造成数据泄漏，甚至服务器被入侵。

Joomla! Component User Bench 1.0 - SQL Injection

Joomla! 组件Reverse Auction Factory 4.3.8版本filter_order_Dir参数存在SQL注入漏洞，攻击者可以利用此漏洞获取数据库敏感信息。

Joomla! Component JB Visa 1.0 - 'visatype' SQL Injection

Joomla Component CCNewsLetter 2.1.9 - sbid Parameter SQL Injection

Joomla EXP Auto插件过滤不严导致了sql注入漏洞

Joomla插件J-BusinessDirectory 4.9.7版本type参数SQL注入，可能造成数据泄露，甚至服务器被入侵。

Joomla内容编辑器Com_JCE2.5.24版本数据库备份信息泄漏 攻击者在未授权的情况下，通过访问/sql/目录下的sql文件，即可看到网站所执行的sql语句，造成严重信息泄露，危害网站安全。

The 2.2.7 version of the Jimtawl component of Joomla! has a sql injection vulnerability in the id parameter which can cause data leakage and even server hacking.

Joomla!插件JoomProject 1.1.3.2版本信息泄漏，泄露用户的用户名，邮箱等信息。

Joomla! 系统com_jsjobs插件customfields.php文件child参数存在SQL注入漏洞，可能造成数据泄漏，甚至服务器被入侵。

Joomla! com_jsjobs1.2.5 citydata sql injection.

Joomla_jsjobs sqli

There is an arbitrary file download vulnerability in the name parameter of the index.php file in version 1.1.5.

Joomla系统Kunena插件5.1.7版本存在大量数据库文件泄露 攻击者在未授权的情况下，通过访问/mysql/目录下的sql文件，即可看到网站所执行的sql语句，造成严重信息泄露，危害网站安全。

Joomla! Component My Projects 2.0 - SQL Injection

Joomla! Component NextGen Editor 2.1.0 - SQL Injection

Joomla! Component Quiz Deluxe 3.7.4 - SQL Injection

Joomla系统com_rsfiles插件本地文件下载漏洞，攻击者在未授权的情况下，通过get请求即可下载数据库配置文件，造成严重信息泄露，危害网站安全。

Joomla! Component Survey Force Deluxe 3.2.4 - 'invite' Parameter SQL Injection

Joomla! Component Twitch Tv 1.1 - SQL Injection

Joomla com_videoflow 注入漏洞

本漏洞根源是PHP5.6.13前的版本在读取存储好的session时，如果反序列化出错则会跳过当前一段数据而去反序列化下一段数据。而Joomla将session存储在Mysql数据库中，编码是utf8，当我们插入4字节的utf8数据时则会导致截断。截断后的数据在反序列化时就会失败，最后触发反序列化漏洞。通过Joomla中的Gadget，可造成任意代码执行的结果。

Joomla!是一套全球知名的内容管理系统。Joomla!是使用PHP语言加上MySQL数据库所开发的软件系统。后台存在sql注入漏洞，攻击者可以获取数据库等敏感信息。

Joomla!是一套全球知名的内容管理系统。Joomla!是使用PHP语言加上MySQL数据库所开发的软件系统。漏洞本质是Joomla对session数据处理不当，未经授权的攻击者可以发送精心构造的恶意HTTP 请求，获取服务器权限，实现远程命令执行。

Joomla!是美国Open Source Matters团队的一套使用PHP和MySQL开发的开源、跨平台的内容管理系统(CMS)。</br>Joomla!3.6.4之前的版本中的Users组件中的controllers/user.php文件中的UsersModelRegistration类中的‘register’方法存在安全漏洞。远程攻击者可通过错误使用未过滤的数据利用该漏洞提升权限。

Joomla!是一套使用PHP和MySQL开发的开源、跨平台的内容管理系统(CMS)。该漏洞是一个 PHP 对象注入漏洞，可导致远程代码执行后果。

【漏洞对象】Joomla 【涉及版本】3.7.0 【漏洞描述】该系统存在SQL注入漏洞，被SQL注入后可能导致网页被篡改；数据被篡改；核心数据被窃取；数据库所在服务器被攻击变成傀儡主机等。

【漏洞对象】Joomla 【涉及版本】3.4.4 - 3.6.4 【漏洞描述】该系统存在鉴权绕过漏洞，攻击者可以伪造数据包，在网站关闭注册新用户的情况下，绕过关闭检测，进行未授权注册账号，从而危害网站安全。

【漏洞对象】Joomla 【漏洞描述】Joomla的com_videoflow参数存在SQL注入，可造成信息数据泄露，攻击者可利用该漏洞执行SQL指令，甚至入侵服务器。

【漏洞对象】Joomla 【涉及版本】3.2.2，3.2.1 【漏洞描述】该系统modules/mod_tags_similar/helper.php脚本内的ModTagssimilarHelper::getList()方法没有正确过滤用户提供的输入，导致SQL注入漏洞。

【漏洞对象】Joomla 【涉及版本】1.5 【漏洞描述】该系统index.php页面由于参数过滤不严格导致SQL注入漏洞，可造成信息数据泄露，攻击者可利用该漏洞执行SQL指令，甚至入侵服务器。

【漏洞对象】Joomla 【涉及版本】1.4.0 【漏洞描述】该系统/index.php?option=com_niceajaxpoll页面存在SQL注入漏洞，可造成信息数据泄露，攻击者可利用该漏洞执行SQL指令，甚至入侵服务器。

【漏洞对象】Joomla Quiz Deluxe 【涉及版本】3.7.4 【漏洞描述】 存在sql注入漏洞。

【漏洞对象】Joomla CMS 【涉及版本】3.2-3.4.4 【漏洞描述】 存在sql注入漏洞。

【漏洞对象】Joomla 【涉及版本】2.1.9 【漏洞描述】 存在sql注入漏洞。

【漏洞对象】Joomla! 【涉及版本】Joomla_jsjobs 【漏洞描述】 Joomla_jsjobs 存在SQL注入漏洞。

【漏洞对象】Joomla! 【涉及版本】Joomla! Component Twitch Tv 1.1 【漏洞描述】 Joomla! ComponentTwitch Tv 1.1 存在SQL注入漏洞。

【漏洞对象】Joomla 【漏洞描述】Joomla!是一套全球知名的内容管理系统。Joomla!是使用PHP语言加上MySQL数据库所开发的软件系统，目前最新版本是3.8。Joomla上的插件com_macgallery存在数据库文件泄露，攻击者只要访问网站路径下的/install.sql就可以看出安装时执行的sql语句，泄露的网站敏感信息。

【漏洞对象】Joomla 【漏洞描述】Joomla是一套全球知名的内容管理系统。Joomla是使用PHP语言加上MySQL数据库所开发的软件系统，目前最新版本是3.9.11 。可以在Linux、Windows、MacOSX等各种不同的平台上执行。在Joomla的某些特定历史版本中存在任意文件下载漏洞，导致信息泄漏。

【漏洞对象】Joomla! 【涉及版本】Joomla! Jtag Members Directory 5.3.7 【漏洞描述】url路径过滤不严格导致任意文件下载。

【漏洞对象】Joomla! 【涉及版本】Joomla EXP Auto插件 【漏洞描述】 Joomla EXP Auto插件过滤不严导致了sql注入漏洞。

【漏洞对象】Joomla! 【涉及版本】Joomla! Component Zap Calendar Lite 4.3.4 【漏洞描述】 Joomla!Component Zap Calendar Lite 4.3.4存在SQL注入漏洞。

【漏洞对象】Joomla! Component User Bench 【涉及版本】Joomla! Component User Bench 1.0 【漏洞描述】Joomla! Component User Bench 1.0存在SQL注入漏洞，可造成数据泄露，甚至服务器被入侵。

【漏洞对象】Joomla! Component Survey Force Deluxe 【涉及版本】Joomla! Component Survey ForceDeluxe 3.2.4 【漏洞描述】 Joomla! Component Survey Force Deluxe 3.2.4的'invite'参数存在SQL注入漏洞，可造成数据泄露，甚至服务器被入侵。

【漏洞对象】Joomla! Component NextGen Editor 【涉及版本】Joomla! Component NextGen Editor2.1.0 【漏洞描述】 Joomla! Component NextGen Editor2.1.0中'plname'参数存在SQL注入漏洞，可造成数据泄露，甚至服务器被入侵。

【漏洞对象】Joomla! Component My Projects 【涉及版本】Joomla! Component My Projects 2.0【漏洞描述】 Joomla! Component My Projects 2.0存在SQL注入漏洞，可造成数据泄露，甚至服务器被入侵。

【漏洞对象】Joomla! Jimtawl组件 【涉及版本】Joomla的Jimtawl 2.2.7组件 【漏洞描述】Joomla!的Jimtawl组件2.2.7版本id参数有sql注入漏洞，可造成数据泄露，甚至服务器被入侵。

Joomla! Component JEXTN Video Gallery 3.0.5 - SQL Injection

【漏洞对象】Joomla! Component JEXTN Question And Answer 【涉及版本】 Component JEXTNQuestion And Answer 3.1.0 【漏洞描述】 Joomla! Component JEXTN Question And Answer3.1.0存在sql注入漏洞，可造成数据泄露，甚至服务器被入侵。

【漏洞对象】Joomla! Component JBuildozer 【涉及版本】Joomla! Component JBuildozer 1.4.1【漏洞描述】 Joomla! Component JBuildozer 1.4.1版本存在SQL注入，可造成数据泄露，甚至服务器被入侵。

【漏洞对象】Joomla! Component JB Visa 【涉及版本】Joomla! Component JB Visa 1.0 【漏洞描述】Joomla! Component JB Visa 1.0版本的参数'visatype'存在SQL注入，可造成数据泄露，甚至服务器被入侵。

【漏洞对象】Joomla! 【涉及版本】Joomla! Component CheckList 1.1.0 【漏洞描述】 Joomla! ComponentCheckList 1.1.0存在SQL注入。

Joomla! Framework是美国Open Source Matters团队开发的一套使用PHP编写Web应用程序框架。Session是其中的一个用于会话层的包。 Joomla! Framework Session程序包1.3.1之前1.x版本中存在安全漏洞。远程攻击者可借助会话值利用该漏洞执行任意代码。

Joomla!是美国Open Source Matters团队开发的一套开源的内容管理系统(CMS)。该系统提供RSS馈送、网站搜索等功能。