The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Joomla Extensions ~ not comprehensive

vulnerability bulletin CVE-2018-17254

Joomla JCK Editor: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla JCK Editor to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 21/09/2018.
Identifiers: CVE-2018-17254, VIGILANCE-VUL-27283.

Description of the vulnerability

The Joomla JCK Editor product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla JCK Editor to read or alter data.

computer vulnerability announce 27267

Joomla Realpin: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla Realpin to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 19/09/2018.
Identifiers: VIGILANCE-VUL-27267.

Description of the vulnerability

The Joomla Realpin product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla Realpin to read or alter data.

computer vulnerability announce 26937

Joomla J-BusinessDirectory: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla J-BusinessDirectory to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 09/08/2018.
Identifiers: VIGILANCE-VUL-26937.

Description of the vulnerability

The Joomla J-BusinessDirectory product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla J-BusinessDirectory to read or alter data.

vulnerability bulletin 26623

Joomla Media Library Free: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla Media Library Free to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 04/07/2018.
Identifiers: VIGILANCE-VUL-26623.

Description of the vulnerability

The Joomla Media Library Free product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla Media Library Free to read or alter data.

vulnerability announce 26622

Joomla Advertisement Board: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla Advertisement Board to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 04/07/2018.
Identifiers: VIGILANCE-VUL-26622.

Description of the vulnerability

The Joomla Advertisement Board product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla Advertisement Board to read or alter data.

computer vulnerability 26495

Joomla Jomres: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross-Site Request Forgery in Joomla Jomres to force the victim to perform operations.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 21/06/2018.
Identifiers: VIGILANCE-VUL-26495.

Description of the vulnerability

The Jomres extension can be installed on Joomla.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross-Site Request Forgery in Joomla Jomres to force the victim to perform operations.

vulnerability announce 26432

Joomla Community Builder: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross-Site Scripting in Joomla Community Builder to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 14/06/2018.
Identifiers: VIGILANCE-VUL-26432.

Description of the vulnerability

The Community Builder extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross-Site Scripting in Joomla Community Builder to run JavaScript code in the context of the web site.

computer vulnerability alert CVE-2018-12254

Joomla Ek rishta: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla Ek rishta to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 13/06/2018.
Identifiers: CVE-2018-12254, VIGILANCE-VUL-26416.

Description of the vulnerability

The Joomla Ek rishta product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla Ek rishta to read or alter data.

computer vulnerability bulletin 26188

Joomla EkRishta: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross-Site Scripting in Joomla EkRishta to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 22/05/2018.
Identifiers: VIGILANCE-VUL-26188.

Description of the vulnerability

The EkRishta extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross-Site Scripting in Joomla EkRishta to run JavaScript code in the context of the web site.

computer vulnerability bulletin 26118

Joomla Admin Tools Pro: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions on data in Joomla Admin Tools Pro to obtain sensitive information.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 11/05/2018.
Identifiers: VIGILANCE-VUL-26118.

Description of the vulnerability

The Admin Tools Pro extension can be installed on Joomla.

However, an attacker can bypass access restrictions on data.

An attacker can therefore use a vulnerability in Joomla Admin Tools Pro to obtain sensitive information.