The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Joomla Extensions ~ not comprehensive

vulnerability note 21414

Joomla com_rpl: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla com_rpl in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 19/12/2016.
Identifiers: VIGILANCE-VUL-21414.

Description of the vulnerability

The Joomla com_rpl product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore exploit a SQL injection in Joomla com_rpl in order to read or alter data.

computer vulnerability note 21299

Joomla JS Jobs: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla JS Jobs in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 07/12/2016.
Identifiers: VIGILANCE-VUL-21299.

Description of the vulnerability

The Joomla JS Jobs product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore exploit a SQL injection in Joomla JS Jobs in order to read or alter data.

vulnerability 21220

Joomla Kunena: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla Kunena in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 28/11/2016.
Identifiers: VIGILANCE-VUL-21220.

Description of the vulnerability

The Kunena extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Joomla Kunena in order to run JavaScript code in the context of the web site.

computer vulnerability 21165

Joomla K2: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery in Joomla K2 in order to force the victim to perform operations.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 21/11/2016.
Identifiers: VIGILANCE-VUL-21165.

Description of the vulnerability

The K2 extension can be installed on Joomla.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery in Joomla K2 in order to force the victim to perform operations.

vulnerability announce 20932

Joomla JA K2 Filter: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla JA K2 Filter in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 21/10/2016.
Identifiers: VIGILANCE-VUL-20932.

Description of the vulnerability

The Joomla JA K2 Filter product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore exploit a SQL injection in Joomla JA K2 Filter in order to read or alter data.

computer vulnerability 20775

Joomla Shape 5 MP3 Player: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories in Joomla Shape 5 MP3 Player in order to read a file outside the service root path.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 05/10/2016.
Identifiers: VIGILANCE-VUL-20775.

Description of the vulnerability

The Shape 5 MP3 Player extension can be installed on Joomla.

However, user-supplied data is inserted directly into an access path. Sequences such as "/.." can thus be used to move up to the parent directory.

An attacker can therefore traverse directories in Joomla Shape 5 MP3 Player in order to read a file outside the service root path.

vulnerability alert 20751

Joomla DVFolderContent: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories in Joomla DVFolderContent in order to read a file outside the service root path.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 03/10/2016.
Identifiers: VIGILANCE-VUL-20751.

Description of the vulnerability

The DVFolderContent extension can be installed on Joomla.

However, user-supplied data is inserted directly into an access path. Sequences such as "/.." can thus be used to move up to the parent directory.

An attacker can therefore traverse directories in Joomla DVFolderContent in order to read a file outside the service root path.

vulnerability note 20714

Joomla com_remository: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions on data in Joomla com_remository in order to obtain sensitive information.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 28/09/2016.
Identifiers: VIGILANCE-VUL-20714.

Description of the vulnerability

The com_remository extension can be installed on Joomla.

However, an attacker can bypass access restrictions on data.

An attacker can therefore use a vulnerability in Joomla com_remository in order to obtain sensitive information.

vulnerability announce 20712

Joomla Huge IT Slider: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla Huge IT Slider in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 28/09/2016.
Identifiers: VIGILANCE-VUL-20712.

Description of the vulnerability

The Joomla Huge IT Slider product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore exploit a SQL injection in Joomla Huge IT Slider in order to read or alter data.

computer vulnerability 20705

Joomla Huge IT Googlemaps: SQL injection

Synthesis of the vulnerability

An attacker can exploit a SQL injection in Joomla Huge IT Googlemaps in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 27/09/2016.
Identifiers: VIGILANCE-VUL-20705.

Description of the vulnerability

The Joomla Huge IT Googlemaps product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore exploit a SQL injection in Joomla Huge IT Googlemaps in order to read or alter data.