Vulnerabilities

Improper Access Controls allows backend users to overwrite their username when disallowed.

An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.

TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via upload.php.

Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution.

Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.

Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.

Joomla! core 1.7.1 allows information disclosure due to weak encryption

Joomla! 1.7.1 has core information disclosure due to inadequate error checking.

Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.

Joomla! 1.5x through 1.5.12: Missing JEXEC Check

Joomla! before 2.5.3 allows Admin Account Creation.

Joomla! core before 2.5.3 allows unauthorized password change.