📦 Joomla!
by Joomla
⚠️ Known Vulnerabilities
This vulnerability in Joomla's pagination class allows attackers to inject arbitrary parameters into pagination links, which can poison caching systems. This affects all Joomla installations using the...
This vulnerability in Joomla! allows account takeover under specific circumstances because user authentication rows aren't properly bound to authentication mechanisms. It affects all Joomla! installat...
CVE-2022-23797 is a critical SQL injection vulnerability in Joomla! CMS that allows attackers to execute arbitrary SQL commands through inadequate filtering of selected IDs in requests. This affects a...
This Joomla vulnerability allows attackers to manipulate input variables by polluting method-specific input bags with $_REQUEST data. This can lead to variable tampering and potential security bypasse...
This vulnerability allows authenticated users with media manager access to delete files without proper permission checks in Joomla! 4.0.0. Attackers can exploit this to delete critical files, potentia...
This vulnerability allows attackers to upload arbitrary files to Joomla! websites due to insufficient input validation in the installer migration script. Attackers can upload malicious code that execu...
This vulnerability in Joomla! Core allows attackers to bypass security restrictions and retrieve password reset tokens from the database via an existing SQL injection vector. Successful exploitation c...
This vulnerability in Joomla! involves insufficient randomness in two-factor authentication (2FA) secret generation, using only 10 bytes instead of the recommended 20 bytes per RFC 4226. This weakens ...
This SQL injection vulnerability in Joomla's backend user list allows authenticated attackers to execute arbitrary SQL commands. It affects Joomla installations from version 3.0.0 through 3.9.22. Atta...
This Cross-Site Scripting (XSS) vulnerability in Joomla allows attackers to inject malicious scripts into menu list ID attributes. When exploited, it enables attackers to steal session cookies, redire...
This CVE describes an improper access control vulnerability in Joomla core that allows unauthorized users to access protected views. It affects Joomla installations with default configurations, potent...
This vulnerability in Joomla! allows backend users to overwrite their usernames even when this action should be restricted by access controls. This affects Joomla! installations with backend user acco...
This vulnerability in Joomla! allows attackers to perform brute force attacks against multi-factor authentication (MFA) methods due to insufficient rate limiting. Attackers can repeatedly guess MFA co...
This vulnerability allows attackers to perform path traversal attacks by uploading specially crafted tar archives to Joomla! installations. When extracted, these archives can write files outside the i...
This vulnerability in Joomla! CMS allows attackers to manipulate the usergroups table through insufficient input validation, potentially causing denial of service or system instability. It affects all...
This vulnerability in Joomla! allows authenticated users with installer component access to install extensions without proper superuser authorization checks. It affects Joomla! installations where ACL...
Joomla! Core 1.5.x has an information disclosure vulnerability where attackers can use negative values for limit and offset parameters to access sensitive data. This affects Joomla! 1.5.0 through 1.5....
This vulnerability in Joomla's template manager allows attackers to bypass input validation, potentially leading to unauthorized actions or code execution. It affects all Joomla installations running ...
This vulnerability allows attackers to inject malicious scripts via data URLs in img tags due to inadequate input filtering. When exploited, it enables cross-site scripting (XSS) attacks that can stea...
This vulnerability allows attackers to inject malicious scripts into web pages through the pagebreak plugin due to improper output escaping. It affects Joomla CMS users who have the vulnerable plugin ...
This vulnerability allows attackers to inject malicious scripts into Joomla module chrome outputs, which execute in victims' browsers when viewing affected pages. It affects Joomla CMS users with vuln...
This vulnerability in Joomla wrapper extensions allows attackers to inject malicious scripts through unvalidated inputs, leading to cross-site scripting (XSS) attacks. It affects Joomla websites using...
This CVE describes a self-XSS vulnerability in Joomla's fancyselect list field layout where user inputs are not properly escaped. It allows attackers to inject malicious scripts that execute in the vi...