CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Joomla : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-26037 613 2021-07-07 2021-07-09
5.0
None Remote Low Not required None Partial None
An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly termine existing user sessions when a user's password was changed or the user was blocked.
2 CVE-2021-26036 20 2021-07-07 2021-07-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table.
3 CVE-2021-26031 2021-04-14 2021-04-22
5.0
None Remote Low Not required Partial None None
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.
4 CVE-2021-26029 20 2021-03-04 2021-03-10
5.0
None Remote Low Not required None Partial None
An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field.
5 CVE-2021-26027 668 2021-03-04 2021-03-09
5.0
None Remote Low Not required None Partial None
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.
6 CVE-2021-23132 2021-03-04 2021-03-05
5.0
None Remote Low Not required None Partial None
An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads
7 CVE-2021-23131 20 2021-03-04 2021-03-05
5.0
None Remote Low Not required None None Partial
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.
8 CVE-2021-23126 326 2021-03-04 2021-03-05
5.0
None Remote Low Not required Partial None None
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.
9 CVE-2021-23123 862 2021-01-12 2021-01-19
5.0
None Remote Low Not required Partial None None
An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the orderPosition endpoint of com_modules leak names of unpublished and/or inaccessible modules.
10 CVE-2020-35616 20 2020-12-28 2020-12-30
5.0
None Remote Low Not required None Partial None
An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations.
11 CVE-2020-35614 200 +Info 2020-12-28 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.
12 CVE-2020-35612 22 Dir. Trav. 2020-12-28 2020-12-30
5.0
None Remote Low Not required Partial None None
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.
13 CVE-2020-35611 200 +Info 2020-12-28 2020-12-30
5.0
None Remote Low Not required Partial None None
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values.
14 CVE-2020-35610 2020-12-28 2020-12-30
5.0
None Remote Low Not required Partial None None
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.
15 CVE-2020-24598 601 2020-08-26 2020-08-28
5.8
None Remote Medium Not required Partial Partial None
An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect.
16 CVE-2020-15699 345 2020-07-15 2020-07-15
5.0
None Remote Low Not required None Partial None
An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration.
17 CVE-2020-15698 200 +Info 2020-07-15 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in Joomla! through 3.9.19. Inadequate filtering on the system information screen could expose Redis or proxy credentials
18 CVE-2020-13763 281 2020-06-02 2020-10-19
5.0
None Remote Low Not required None Partial None
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.
19 CVE-2020-11891 863 2020-04-21 2021-07-21
5.0
None Remote Low Not required None Partial None
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized editing of usergroups.
20 CVE-2020-11890 20 2020-04-21 2020-04-29
5.0
None Remote Low Not required None Partial None
An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration.
21 CVE-2020-11889 863 2020-04-21 2021-07-21
5.0
None Remote Low Not required None Partial None
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.
22 CVE-2020-10240 20 2020-03-16 2020-03-19
5.0
None Remote Low Not required None Partial None
An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses.
23 CVE-2020-10238 668 2020-03-16 2020-03-19
5.0
None Remote Low Not required Partial None None
An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.
24 CVE-2019-19845 22 Dir. Trav. 2019-12-18 2019-12-19
5.0
None Remote Low Not required Partial None None
In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure.
25 CVE-2019-18674 862 2019-11-06 2019-11-06
5.0
None Remote Low Not required Partial None None
An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure.
26 CVE-2019-15028 2019-08-14 2020-08-24
5.0
None Remote Low Not required None Partial None
In Joomla! before 3.9.11, inadequate checks in com_contact could allow mail submission in disabled forms.
27 CVE-2019-10946 306 2019-04-10 2020-08-24
5.0
None Remote Low Not required None Partial None
An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.
28 CVE-2019-9713 862 2019-03-12 2020-08-24
5.0
None Remote Low Not required Partial None None
An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access.
29 CVE-2018-15881 2018-08-29 2019-10-03
5.0
None Remote Low Not required None Partial None
An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation.
30 CVE-2018-11325 209 2018-05-22 2019-10-03
5.0
None Remote Low Not required Partial None None
An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and display the plaintext password for the administrator account at the confirmation screen.
31 CVE-2017-14596 90 2017-09-20 2017-09-27
5.0
None Remote Low Not required Partial None None
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
32 CVE-2017-9933 200 +Info 2017-07-17 2017-07-20
5.0
None Remote Low Not required Partial None None
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
33 CVE-2017-8057 200 +Info 2017-04-25 2017-05-03
5.0
None Remote Low Not required Partial None None
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
34 CVE-2017-7988 2017-04-25 2019-10-03
5.0
None Remote Low Not required None Partial None
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
35 CVE-2017-7983 200 +Info 2017-04-25 2017-05-03
5.0
None Remote Low Not required Partial None None
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
36 CVE-2016-9838 284 2016-12-16 2017-09-02
5.0
None Remote Low Not required None Partial None
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task.
37 CVE-2016-9837 264 2016-12-16 2016-12-22
5.0
None Remote Low Not required Partial None None
An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?option=com_content&view=article&id=1&template=beez3 request.
38 CVE-2015-7899 284 +Info 2015-10-29 2015-10-30
5.0
None Remote Low Not required Partial None None
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
39 CVE-2015-7859 200 +Info 2015-10-29 2015-10-30
5.0
None Remote Low Not required Partial None None
The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.
40 CVE-2015-5608 601 2017-09-20 2017-09-22
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
41 CVE-2014-7229 DoS 2014-10-08 2014-10-09
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors.
42 CVE-2013-3242 20 1 DoS 2013-05-03 2014-03-07
5.5
None Remote Low ??? None Partial Partial
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.
43 CVE-2013-1455 200 +Info 2013-02-13 2017-08-29
5.0
None Remote Low Not required Partial None None
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to an "Undefined variable."
44 CVE-2013-1454 200 +Info 2013-02-13 2017-08-29
5.0
None Remote Low Not required Partial None None
Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive information via unspecified vectors related to "Coding errors."
45 CVE-2012-3829 200 1 +Info 2012-07-03 2012-07-17
5.0
None Remote Low Not required Partial None None
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header.
46 CVE-2012-2748 +Info 2012-07-03 2017-08-29
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error."
47 CVE-2012-1611 264 +Info 2012-09-06 2013-10-03
5.0
None Remote Low Not required Partial None None
Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599.
48 CVE-2012-1599 264 +Info 2012-12-03 2012-12-04
5.0
None Remote Low Not required Partial None None
Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611.
49 CVE-2012-1563 269 2020-01-15 2020-01-22
5.0
None Remote Low Not required None Partial None
Joomla! before 2.5.3 allows Admin Account Creation.
50 CVE-2012-1562 330 2020-01-15 2020-01-22
5.0
None Remote Low Not required None Partial None
Joomla! core before 2.5.3 allows unauthorized password change.
Total number of vulnerabilities : 88   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.