Gonzalo Maser Com Artforms vulnerabilities
4 known vulnerabilities affecting gonzalo_maser/com_artforms.
Total CVEs
4
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2009-1822P3HIGHCVSS 7.5PoCv2.1b72009-05-29
CVE-2009-1822 [HIGH] CWE-94 CVE-2009-1822: Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) compon
Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) imgcaptcha.php or (2) mp3captcha.php in assets/captcha/includes/captchaform/, or (3) assets/captcha/includes/captchatalk/sw
nvd
CVE-2010-2847P3HIGHCVSS 7.5PoCv2.1b7.22010-07-25
CVE-2010-2847 [HIGH] CWE-89 CVE-2010-2847: Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2
Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php.
nvd
CVE-2010-2848P3MEDIUMCVSS 5.0PoCv2.1b7.22010-07-25
CVE-2010-2848 [MEDIUM] CWE-22 CVE-2010-2848: Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla
Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.
nvd
CVE-2010-2846P4MEDIUMCVSS 4.3PoCv2.1b7.22010-07-25
CVE-2010-2846 [MEDIUM] CWE-79 CVE-2010-2846: Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.
Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php.
nvd