The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Joomla Extensions ~ not comprehensive

vulnerability announce 24822

Joomla NextGen Editor: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla NextGen Editor, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 19/12/2017.
Identifiers: VIGILANCE-VUL-24822.

Description of the vulnerability

The Joomla NextGen Editor product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla NextGen Editor, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability 24810

Joomla User Bench: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla User Bench, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 19/12/2017.
Identifiers: VIGILANCE-VUL-24810.

Description of the vulnerability

The Joomla User Bench product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla User Bench, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note 24809

Joomla My Projects: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla My Projects, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 19/12/2017.
Identifiers: VIGILANCE-VUL-24809.

Description of the vulnerability

The Joomla My Projects product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla My Projects, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin 24808

Joomla JB Visa: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla JB Visa, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 19/12/2017.
Identifiers: VIGILANCE-VUL-24808.

Description of the vulnerability

The Joomla JB Visa product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla JB Visa, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce 24807

Joomla Guru Pro: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla Guru Pro, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 19/12/2017.
Identifiers: VIGILANCE-VUL-24807.

Description of the vulnerability

The Joomla Guru Pro product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla Guru Pro, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2017-17872

Joomla JEXTN Video Gallery: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla JEXTN Video Gallery, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 18/12/2017.
Identifiers: CVE-2017-17872, VIGILANCE-VUL-24793.

Description of the vulnerability

The Joomla JEXTN Video Gallery product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla JEXTN Video Gallery, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2017-17871

Joomla JEXTN Question And Answer: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla JEXTN Question And Answer, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 18/12/2017.
Identifiers: CVE-2017-17871, VIGILANCE-VUL-24792.

Description of the vulnerability

The Joomla JEXTN Question And Answer product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla JEXTN Question And Answer, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2017-17870

Joomla JBuildozer: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla JBuildozer, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 14/12/2017.
Identifiers: CVE-2017-17870, VIGILANCE-VUL-24773.

Description of the vulnerability

The Joomla JBuildozer product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla JBuildozer, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin 24533

Joomla VirtueMart: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Joomla VirtueMart, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 24/11/2017.
Identifiers: VIGILANCE-VUL-24533.

Description of the vulnerability

The VirtueMart extension can be installed on Joomla.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Joomla VirtueMart, in order to run JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin 24103

Joomla Ajax Quiz by Webkul: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla Ajax Quiz by Webkul, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 11/10/2017.
Identifiers: VIGILANCE-VUL-24103.

Description of the vulnerability

The Joomla Ajax Quiz by Webkul product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla Ajax Quiz by Webkul, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Joomla Extensions ~ not comprehensive: