CVE-2005-3772
Joomla! < 1.0.4 - SQL Injection via Polls Module Itemid Parameter
Title source: llmDescription
Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class.
References (8)
Core 8
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2526
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23178
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15526
Various Sources x_refsource_confirm
http://www.joomla.org/content/view/499/66/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/21042
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23177
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/21043
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17675
Scores
EPSS
0.0002
EPSS Percentile
7.2%
Details
Status
published
Products (4)
joomla/joomla
1.0
joomla/joomla
1.0.1
joomla/joomla
1.0.2
joomla/joomla
1.0.3
Published
Nov 23, 2005
Tracked Since
Feb 18, 2026