Tamlyncreative Com Bfsurvey Profree vulnerabilities
3 known vulnerabilities affecting tamlyncreative/com_bfsurvey_profree.
Total CVEs: 3
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 3
Vulnerabilities
CVE-2010-2259 | P3 | HIGH | CVSS 7.5 | CWE-22 | PoC | v1.2.6 | 2010-06-09
Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
nvd
CVE-2009-4625 | P3 | HIGH | CVSS 7.5 | CWE-89 | PoC | ≤ 1.2.5 | v1.2.4 | 2010-01-18
SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an updateOnePage action to index.php.
nvd
CVE-2010-2255 | P3 | HIGH | CVSS 7.5 | CWE-89 | PoC | v1.2.6 | 2010-06-09
SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. NOTE: some of these details are obtained from third part
nvd