Product:

Joomla\!

(Joomla)
Repositories https://github.com/joomla/joomla-cms
#Vulnerabilities 259
Date Id Summary Products Score Patch Annotated
2017-05-17 CVE-2017-8917 SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. Joomla\! 9.8
2017-04-25 CVE-2017-8057 In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting. Joomla\! 5.3
2017-04-25 CVE-2017-7989 In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden. Joomla\! 6.5
2017-04-25 CVE-2017-7987 In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component. Joomla\! 6.1
2017-04-25 CVE-2017-7986 In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components. Joomla\! 6.1
2017-04-25 CVE-2017-7985 In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. Joomla\! 6.1
2017-04-25 CVE-2017-7984 In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component. Joomla\! 6.1
2017-04-25 CVE-2017-7983 In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers. Joomla\! 5.3
2017-11-10 CVE-2017-16634 In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. Joomla\! 9.8
2017-11-10 CVE-2017-16633 In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users. Joomla\! 4.3