The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Joomla Extensions ~ not comprehensive

computer vulnerability announce 22817

Joomla VideoFlow: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla VideoFlow, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 24/05/2017.
Identifiers: VIGILANCE-VUL-22817.

Description of the vulnerability

The Joomla VideoFlow product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla VideoFlow, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert 22636

Joomla com_tag: SQL injection via Tag

Synthesis of the vulnerability

An attacker can use a SQL injection via Tag of Joomla com_tag, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 03/05/2017.
Identifiers: VIGILANCE-VUL-22636.

Description of the vulnerability

The Joomla com_tag product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection via Tag of Joomla com_tag, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability 22620

Joomla JGrid: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla JGrid, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 02/05/2017.
Identifiers: VIGILANCE-VUL-22620.

Description of the vulnerability

The Joomla JGrid product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla JGrid, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin 22578

Joomla jDBexport: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Joomla jDBexport, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 27/04/2017.
Identifiers: VIGILANCE-VUL-22578.

Description of the vulnerability

The jDBexport extension can be installed on Joomla.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Joomla jDBexport, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin 22563

Joomla Myportfolio: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla Myportfolio, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 26/04/2017.
Identifiers: VIGILANCE-VUL-22563.

Description of the vulnerability

The Joomla Myportfolio product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla Myportfolio, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert 22486

Joomla com_phocadownload: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla com_phocadownload, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 18/04/2017.
Identifiers: VIGILANCE-VUL-22486.

Description of the vulnerability

The Joomla com_phocadownload product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla com_phocadownload, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability 22380

Joomla com_winners: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla com_winners, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 10/04/2017.
Identifiers: VIGILANCE-VUL-22380.

Description of the vulnerability

The Joomla com_winners product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla com_winners, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability 22330

Joomla JobGrok: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla JobGrok, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 04/04/2017.
Identifiers: VIGILANCE-VUL-22330.

Description of the vulnerability

The Joomla JobGrok product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla JobGrok, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert 22246

Joomla FocalPoint: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla FocalPoint, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 24/03/2017.
Identifiers: VIGILANCE-VUL-22246.

Description of the vulnerability

The Joomla FocalPoint product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla FocalPoint, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert 22241

Joomla Modern Booking: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla Modern Booking, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 23/03/2017.
Identifiers: VIGILANCE-VUL-22241.

Description of the vulnerability

The Joomla Modern Booking product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla Modern Booking, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Joomla Extensions ~ not comprehensive: