Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-5987 EXPLOITDB CRITICAL text VERIFIED
Pinterest Clone Social Pinboard 2.0 - SQL Injection
SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6583 EXPLOITDB CRITICAL text VERIFIED
Timetable Responsive Schedule 1.5 - SQL Injection via view=event&alias= Request
SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5992 EXPLOITDB CRITICAL text VERIFIED
Staff Master < 1.0 - SQL Injection via Name Parameter
SQL Injection exists in the Staff Master through 1.0 RC 1 component for Joomla! via the name parameter in a view=staff request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7179 EXPLOITDB CRITICAL text
SquadManagement 1.0.3 - SQL Injection via id Parameter
SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5980 EXPLOITDB CRITICAL text
Solidres 2.5.1 - SQL Injection via Hub Search Direction Parameter
SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5975 EXPLOITDB CRITICAL text VERIFIED
Joomla! Smart Shoutbox 3.0.0 - SQL Injection
SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5974 EXPLOITDB CRITICAL text
SimpleCalendar 3.1.9 - SQL Injection
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7178 EXPLOITDB CRITICAL text
Saxum Picker 3.2.10 - SQL Injection via Publicid Parameter
SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7177 EXPLOITDB CRITICAL text
Saxum Numerology 3.0.4 - SQL Injection via publicid Parameter
SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7180 EXPLOITDB CRITICAL text
Saxum Astro 4.0.14 - SQL Injection via publicid Parameter
SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6005 EXPLOITDB CRITICAL text
realpin < 1.5.04 - SQL Injection via Pinboard Parameter
SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6024 EXPLOITDB CRITICAL text VERIFIED
Joomla! Project Log 1.5.3 - SQL Injection
SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6370 EXPLOITDB CRITICAL text VERIFIED
NeoRecruit 4.1 - SQL Injection via PATH_INFO or .html File Name
SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5971 EXPLOITDB CRITICAL text
MediaLibrary Free 4.0.12 - SQL Injection
SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-16356 EXPLOITDB MEDIUM text
Simple Image Gallery Extended < 3.3.0 - Reflected Cross-Site Scripting via img, name, or caption Parameter
Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption parameter.
by Alwin Peppels
CVSS 6.1
CVE-2018-6585 EXPLOITDB CRITICAL text VERIFIED
JTicketing 2.0.16 - SQL Injection via filter_creator or filter_events_cat Parameter
SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5994 EXPLOITDB CRITICAL text
JS Jobs 1.1.9 - SQL Injection via Zipcode or ta Parameter
SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the zipcode parameter in a newest-jobs request, or the ta parameter in a view_resume request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6006 EXPLOITDB CRITICAL text
JS Autoz 1.0.9 - SQL Injection via vtype, pre, or prs Parameter
SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5983 EXPLOITDB CRITICAL text VERIFIED
jquickcontact 1.3.2.2.1 - SQL Injection via task=refresh&sid= Request
SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6368 EXPLOITDB CRITICAL text VERIFIED
JomEstate PRO < 3.7 - SQL Injection via id Parameter in task=detailed Action
SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5970 EXPLOITDB CRITICAL text VERIFIED
JGive 2.0.9 - SQL Injection via filter_org_ind_type or campaign_countries Parameter
SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6372 EXPLOITDB CRITICAL text VERIFIED
JB Bus 2.3 - SQL Injection via order_number Parameter
SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6394 EXPLOITDB CRITICAL text VERIFIED
InviteX 3.0.5 - SQL Injection via invite_type Parameter
SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6396 EXPLOITDB CRITICAL text VERIFIED
Google Map Landkarten <= 4.2.3 - SQL Injection via cid/id/map Parameters
SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5981 EXPLOITDB CRITICAL text VERIFIED
Gallery WD 1.3.6 - SQL Injection via tag_id or gallery_id Parameter
SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter.
by Ihsan Sencan
CVSS 9.8