Exposure of Joomla
CMS393
exposure score
100,048
sites use
2
exploited
24
critical
CVEs
216 resultsCVE-2021-23131—[20210305] - Core - Input validation within the template managerEPSS 1.5%CVE-2021-26036—[20210702] - Core - DoS through usergroup table manipulationEPSS 1.4%CVE-2020-35610—[20201101] - Core - com_finder ignores access levels on autosuggestEPSS 1.3%CVE-2020-35611—[20201102] - Core - Disclosure of secrets in Global Configuration pageEPSS 1.3%CVE-2021-23126—[20210301] - Core - Insecure randomness within 2FA secret generationEPSS 1.3%CVE-2021-26038—[20210704] - Core - Privilege escalation through com_installerEPSS 1.2%CVE-2021-26031—[20210402] - Core - Inadequate filters on module layout settingsEPSS 1.2%CVE-2022-23799—[20220307] - Core - Variable Tampering on JInput $_REQUEST dataEPSS 1.2%CVE-2017-2550—Vulnerability in Easy Joomla Backup v3.2.4. The software creates a copy of the backup in the web root with an easily guessable filename.EPSS 1.2%CVE-2021-26028—[20210308] - Core - Path Traversal within joomla/archive zip classEPSS 1.2%CVE-2021-26029—[20210309] - Core - Inadequate filtering of form contents could allow to overwrite the author fieldEPSS 1.1%CVE-2021-23123—[20210101] - Core - com_modules exposes module namesEPSS 1.1%CVE-2011-3629—Joomla! core 1.7.1 allows information disclosure due to weak encryptionEPSS 1.1%CVE-2010-1433—Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-suEPSS 1.1%CVE-2010-1435—Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions EPSS 1.1%CVE-2022-23795—[20220303] - Core - User row are not bound to a authentication mechanismEPSS 1.1%CVE-2022-23797—[20220305] - Core - Inadequate filtering on the selected IdsEPSS 1.1%CVE-2021-26027—[20210307] - Core - ACL violation within com_content frontend editingEPSS 1.1%CVE-2020-35614—[20201105] - Core - User Enumeration in backend loginEPSS 1.1%CVE-2010-1432—Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may EPSS 1.0%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →