Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Joomla\!
(Joomla)| Repositories | https://github.com/joomla/joomla-cms |
| #Vulnerabilities | 254 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-11-04 | CVE-2016-8870 | The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting. | Joomla\! | 8.1 | ||
| 2019-05-09 | CVE-2019-11831 | The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. | Debian_linux, Drupal, Fedora, Joomla\!, Pharstreamwrapper | 9.8 | ||
| 2021-03-04 | CVE-2021-23126 | An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret. | Joomla\! | 5.3 | ||
| 2023-05-30 | CVE-2023-23754 | An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen. | Joomla\! | 6.1 | ||
| 2023-05-30 | CVE-2023-23755 | An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods. | Joomla\! | 7.5 | ||
| 2023-02-01 | CVE-2023-23751 | An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. | Joomla\! | 4.3 | ||
| 2023-02-01 | CVE-2023-23750 | An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. | Joomla\! | 6.3 | ||
| 2019-06-11 | CVE-2019-12764 | An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users. | Joomla\! | 6.5 | ||
| 2019-06-11 | CVE-2019-12765 | An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection. | Joomla\! | 9.8 | ||
| 2019-06-11 | CVE-2019-12766 | An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors. | Joomla\! | 6.1 |