
Joomla! vulnerabilities

296 known vulnerabilities affecting joomla/joomla_!.

Total CVEs: 296
CISA KEV: 2 (actively exploited)
Public exploits: 23
Exploited in wild: 8
Severity breakdown: CRITICAL 38, HIGH 74, MEDIUM 182, LOW 2

Vulnerabilities

Page 6 of 15
CVE-2012-1562 | P3 | HIGH | CVSS 7.5 | fixed in 2.5.3 | 2020-01-15
CVE-2012-1562 [HIGH] CWE-330: Joomla! core before 2.5.3 allows unauthorized password change.
nvd
CVE-2023-40626 | P3 | HIGH | CVSS 7.5 | ≥ 1.6.0, < 3.10.14; ≥ 4.0.0, < 4.4.1; +1 more | 2023-11-29
CVE-2023-40626 [HIGH]: The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information.
nvd
CVE-2018-15881 | P3 | HIGH | CVSS 7.5 | fixed in 3.8.12 | 2018-08-29
CVE-2018-15881 [HIGH]: An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation.
nvd
CVE-2021-23131 | P3 | HIGH | CVSS 7.5 | ≥ 3.2.0, < 3.9.25 | 2021-03-04
CVE-2021-23131 [HIGH] CWE-20: An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.
nvd
CVE-2020-35611 | P3 | HIGH | CVSS 7.5 | ≥ 2.5.0, ≤ 3.9.22 | 2020-12-28
CVE-2020-35611 [HIGH] CWE-200: An issue was discovered in Joomla! 2.5.0 through 3.9.22. The global configuration page does not remove secrets from the HTML output, disclosing the current values.
nvd
CVE-2020-13763 | P3 | HIGH | CVSS 7.5 | ≥ 2.5.1, < 3.9.19; v2.5.0 | 2020-06-02
CVE-2020-13763 [HIGH] CWE-281: In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.
nvd
CVE-2010-4696 | P3 | HIGH | CVSS 7.5 | v1.5.0, v1.5.1, +20 more | 2011-01-18
CVE-2010-4696 [HIGH]: Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from thi
nvd
CVE-2023-23755 | P3 | HIGH | CVSS 7.5 | ≥ 4.2.0, < 4.3.2 | 2023-05-30
CVE-2023-23755 [HIGH] CWE-307: An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.
nvd
CVE-2024-40748 | P3 | HIGH | CVSS 7.5 | ≥ 3.9.0, < 3.10.20; ≥ 4.0.0, < 4.4.10; +1 more | 2025-01-07
CVE-2024-40748 [HIGH] CWE-79: Lack of output escaping in the id attribute of menu lists.
nvd
CVE-2006-4472 | P3 | HIGH | CVSS 7.5 | fixed in 1.0.11 | 2006-08-31
CVE-2006-4472 [HIGH]: Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task.
nvd
CVE-2017-9933 | P3 | HIGH | CVSS 7.5 | v1.7.3, v1.7.4, +72 more | 2017-07-17
CVE-2017-9933 [HIGH] CWE-200: Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
nvd
CVE-2011-4937 | P3 | HIGH | CVSS 7.5 | fixed in 1.7.2 | 2020-02-04
CVE-2011-4937 [HIGH] CWE-200: Joomla! 1.7.1 has core information disclosure due to inadequate error checking.
nvd
CVE-2018-17858 | P3 | HIGH | CVSS 8.8 | ≥ 2.5.0, < 3.8.13 | 2018-10-09
CVE-2018-17858 [HIGH] CWE-352: An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend.
nvd
CVE-2006-4469 | P3 | HIGH | CVSS 7.5 | fixed in 1.0.11 | 2006-08-31
CVE-2006-4469 [HIGH]: Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws."
nvd
CVE-2020-10241 | P3 | HIGH | CVSS 8.8 | ≥ 3.2.0, < 3.9.16 | 2020-03-16
CVE-2020-10241 [HIGH] CWE-352: An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.
nvd
CVE-2021-26036 | P3 | HIGH | CVSS 7.5 | ≥ 2.5.0, ≤ 3.9.27 | 2021-07-07
CVE-2021-26036 [HIGH] CWE-20: An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table.
nvd
CVE-2020-8420 | P4 | HIGH | CVSS 8.8 | ≥ 3.0.0, < 3.9.15 | 2020-01-28
CVE-2020-8420 [HIGH] CWE-352: An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.
nvd
CVE-2020-8419 | P4 | HIGH | CVSS 8.8 | ≥ 3.0.0, < 3.9.15 | 2020-01-28
CVE-2020-8419 [HIGH] CWE-352: An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities.
nvd
CVE-2019-18650 | P4 | HIGH | CVSS 8.8 | ≥ 3.2.0, ≤ 3.9.12 | 2019-11-06
CVE-2019-18650 [HIGH] CWE-352: An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.
nvd
CVE-2011-3629 | P3 | HIGH | CVSS 7.5 | fixed in 1.7.2 | 2020-02-04
CVE-2011-3629 [HIGH] CWE-326: Joomla! core 1.7.1 allows information disclosure due to weak encryption.
nvd