The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Joomla Extensions ~ not comprehensive

vulnerability note 23874

Joomla UserExtranet: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla UserExtranet, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 19/09/2017.
Identifiers: VIGILANCE-VUL-23874.

Description of the vulnerability

The Joomla UserExtranet product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla UserExtranet, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert 23771

Joomla Realtyna RPL: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla Realtyna RPL, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 07/09/2017.
Identifiers: VIGILANCE-VUL-23771.

Description of the vulnerability

The Joomla Realtyna RPL product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla Realtyna RPL, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin 23723

Joomla CheckList: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla CheckList, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 04/09/2017.
Identifiers: VIGILANCE-VUL-23723.

Description of the vulnerability

The Joomla CheckList product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla CheckList, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note 23719

Joomla Survey Force Deluxe: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla Survey Force Deluxe, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 04/09/2017.
Identifiers: VIGILANCE-VUL-23719.

Description of the vulnerability

The Joomla Survey Force Deluxe product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla Survey Force Deluxe, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce 23717

Joomla One Vote: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla One Vote, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 04/09/2017.
Identifiers: VIGILANCE-VUL-23717.

Description of the vulnerability

The Joomla One Vote product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla One Vote, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability 23660

Joomla StreetGuessr: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla StreetGuessr, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 31/08/2017.
Identifiers: VIGILANCE-VUL-23660.

Description of the vulnerability

The Joomla StreetGuessr product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla StreetGuessr, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note 23659

Joomla SP Movie Database: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla SP Movie Database, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 31/08/2017.
Identifiers: VIGILANCE-VUL-23659.

Description of the vulnerability

The Joomla SP Movie Database product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla SP Movie Database, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin 23658

Joomla KissGallery: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla KissGallery, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 31/08/2017.
Identifiers: VIGILANCE-VUL-23658.

Description of the vulnerability

The Joomla KissGallery product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla KissGallery, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce 23657

Joomla Quiz Deluxe: SQL injection

Synthesis of the vulnerability

An attacker can use a SQL injection of Joomla Quiz Deluxe, in order to read or alter data.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 31/08/2017.
Identifiers: VIGILANCE-VUL-23657.

Description of the vulnerability

The Joomla Quiz Deluxe product uses a database.

However, user's data are directly inserted in a SQL query.

An attacker can therefore use a SQL injection of Joomla Quiz Deluxe, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert 23656

Joomla Joomanager: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Joomla Joomanager, in order to read a file outside the service root path.
Impacted products: Joomla Extensions ~ not comprehensive.
Severity: 2/4.
Creation date: 31/08/2017.
Identifiers: VIGILANCE-VUL-23656.

Description of the vulnerability

The Joomanager extension can be installed on Joomla.

However, user's data are directly inserted in an access path. Sequences such as "/.." can thus be used to go in the upper directory.

An attacker can therefore traverse directories of Joomla Joomanager, in order to read a file outside the service root path.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Joomla Extensions ~ not comprehensive: