The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Joomla Extensions ~ not comprehensive

computer vulnerability alert 22246

Joomla FocalPoint: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla FocalPoint to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 24/03/2017.
Identifiers: VIGILANCE-VUL-22246.

Description of the vulnerability

The Joomla FocalPoint product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla FocalPoint to read or alter data.

vulnerability alert 22241

Joomla Modern Booking: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla Modern Booking to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 23/03/2017.
Identifiers: VIGILANCE-VUL-22241.

Description of the vulnerability

The Joomla Modern Booking product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla Modern Booking to read or alter data.

computer vulnerability note 22239

Joomla Eshop, Events Booking, Membership Pro: invalid payment via Paypal Payment

Synthesis of the vulnerability

An attacker can use Joomla Eshop, Events Booking or Membership Pro, and pay less than expected.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 23/03/2017.
Identifiers: VIGILANCE-VUL-22239.

Description of the vulnerability

The Eshop, Events Booking, or Membership Pro extensions can be installed on Joomla.

However, an attacker can pay via PayPal in a foreign currency that is more favorable.

An attacker can therefore use Joomla Eshop, Events Booking or Membership Pro, and pay less than expected.

computer vulnerability note 22209

Joomla Canonical Url: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla Canonical Url to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 21/03/2017.
Identifiers: VIGILANCE-VUL-22209.

Description of the vulnerability

The Joomla Canonical Url product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla Canonical Url to read or alter data.

computer vulnerability announce 22207

Joomla Extra Search: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla Extra Search to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 21/03/2017.
Identifiers: VIGILANCE-VUL-22207.

Description of the vulnerability

The Joomla Extra Search product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla Extra Search to read or alter data.

computer vulnerability note 22189

Joomla JooCart: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla JooCart to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 20/03/2017.
Identifiers: VIGILANCE-VUL-22189.

Description of the vulnerability

The Joomla JooCart product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla JooCart to read or alter data.

computer vulnerability bulletin 22188

Joomla jCart for OpenCart: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla jCart for OpenCart to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 20/03/2017.
Identifiers: VIGILANCE-VUL-22188.

Description of the vulnerability

The Joomla jCart for OpenCart product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla jCart for OpenCart to read or alter data.

computer vulnerability announce CVE-2017-7626 CVE-2017-7627 CVE-2017-7628

Joomla Smart Related Articles: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Joomla Smart Related Articles, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 20/03/2017.
Identifiers: CVE-2017-7626, CVE-2017-7627, CVE-2017-7628, VIGILANCE-VUL-22187.

Description of the vulnerability

The Smart Related Articles extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Joomla Smart Related Articles, in order to run JavaScript code in the context of the web site.

computer vulnerability alert 22186

Joomla OrdaSoft CCK: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla OrdaSoft CCK to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 20/03/2017.
Identifiers: VIGILANCE-VUL-22186.

Description of the vulnerability

The Joomla OrdaSoft CCK product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla OrdaSoft CCK to read or alter data.

computer vulnerability 22185

Joomla Directorix Directory Manager: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection in Joomla Directorix Directory Manager to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 20/03/2017.
Identifiers: VIGILANCE-VUL-22185.

Description of the vulnerability

The Joomla Directorix Directory Manager product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in Joomla Directorix Directory Manager to read or alter data.