The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Joomla Extensions ~ not comprehensive

vulnerability 27880

Joomla Music Collection: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla Music Collection, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 26/11/2018.
Identifiers: VIGILANCE-VUL-27880.

Description of the vulnerability

An attacker can use a SQL injection of Joomla Music Collection, in order to read or alter data.

vulnerability 27860

Joomla Kunena: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Joomla Kunena, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 21/11/2018.
Identifiers: VIGILANCE-VUL-27860.

Description of the vulnerability

The Kunena extension can be installed on Joomla.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Joomla Kunena, in order to run JavaScript code in the context of the web site.

computer vulnerability bulletin 27828

Joomla Jimtawl: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla Jimtawl, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 19/11/2018.
Identifiers: VIGILANCE-VUL-27828.

Description of the vulnerability

The Joomla Jimtawl product uses a database.

However, user data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection of Joomla Jimtawl, in order to read or alter data.

vulnerability 27500

Joomla CW Article Attachments: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla CW Article Attachments, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 15/10/2018.
Identifiers: VIGILANCE-VUL-27500.

Description of the vulnerability

The Joomla CW Article Attachments product uses a database.

However, user data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection of Joomla CW Article Attachments, in order to read or alter data.

computer vulnerability note 27499

Joomla Kunena: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Joomla Kunena.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 15/10/2018.
Identifiers: VIGILANCE-VUL-27499.

Description of the vulnerability

An attacker can use several vulnerabilities of Joomla Kunena.

computer vulnerability 27315

Joomla Regular Labs: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Joomla Regular Labs, in order to run JavaScript code in the context of the web site.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 25/09/2018.
Identifiers: VIGILANCE-VUL-27315.

Description of the vulnerability

The Regular Labs extensions can be installed on Joomla.

However, they do not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Joomla Regular Labs, in order to run JavaScript code in the context of the web site.

computer vulnerability alert 27306

Joomla Forms by Balbooa: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data of Joomla Forms by Balbooa, in order to obtain sensitive information.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 24/09/2018.
Identifiers: VIGILANCE-VUL-27306.

Description of the vulnerability

An attacker can bypass access restrictions to data of Joomla Forms by Balbooa, in order to obtain sensitive information.

vulnerability bulletin CVE-2018-17254

Joomla JCK Editor: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla JCK Editor, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 21/09/2018.
Identifiers: CVE-2018-17254, VIGILANCE-VUL-27283.

Description of the vulnerability

The Joomla JCK Editor product uses a database.

However, user data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection of Joomla JCK Editor, in order to read or alter data.

computer vulnerability announcement 27267

Joomla Realpin: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla Realpin, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 19/09/2018.
Identifiers: VIGILANCE-VUL-27267.

Description of the vulnerability

The Joomla Realpin product uses a database.

However, user data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection of Joomla Realpin, in order to read or alter data.

computer vulnerability bulletin 27248

Joomla Magiczoomplus for Virtuemart: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data of Joomla Magiczoomplus for Virtuemart, in order to obtain sensitive information.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 17/09/2018.
Identifiers: VIGILANCE-VUL-27248.

Description of the vulnerability

An attacker can bypass access restrictions to data of Joomla Magiczoomplus for Virtuemart, in order to obtain sensitive information.