Skip to main content

Joomla

Vendor security scorecard – 261 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 930
261
CVEs
30
Critical
63
High
1
KEV
38
PoC
78
Unpatched C/H
14.9%
Patch Rate
6.0%
Avg EPSS

Severity Breakdown

CRITICAL
30
HIGH
63
MEDIUM
163
LOW
4

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2017-8917 SQL injection vulnerability in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 94.5%. CRITICAL 9.8 94.5% 179
PoC
CVE-2016-10045 The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.4%. CRITICAL 9.8 93.4% 177
PoC
CVE-2015-8562 Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 92.9%. HIGH 7.5 92.9% 165
PoC No patch
CVE-2015-7297 SQL injection vulnerability in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 91.6%. HIGH 7.5 91.6% 164
PoC No patch
CVE-2016-8869 The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 91.9%. CRITICAL 9.8 91.9% 161
PoC
CVE-2016-8870 The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla!. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 91.5%. HIGH 8.1 91.5% 152
PoC
CVE-2015-7857 SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.2%. HIGH 7.5 72.2% 145
PoC No patch
CVE-2015-7858 SQL injection vulnerability in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 69.1%. HIGH 7.5 69.1% 142
PoC No patch
CVE-2013-5576 administrator/components/com_media/helpers/media.php in the media manager in Joomla!. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 52.1%. MEDIUM 6.8 52.1% 121
PoC
CVE-2014-7228 Akeeba Restore (restore.php), as used in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.5 6.1% 79
PoC No patch
CVE-2014-7981 SQL injection vulnerability in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 14.3%. HIGH 7.5 14.3% 72
PoC No patch
CVE-2017-14596 In Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 9.8 2.6% 72
PoC No patch
CVE-2016-9836 The file scanning mechanism of JFilterInput::isFileSafe() in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 9.8 0.4% 69
PoC No patch
CVE-2019-10945 An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 9.8 38.0% 69
PoC No patch
CVE-2016-9838 An issue was discovered in components/com_users/models/registration.php in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available. HIGH 7.5 2.9% 60
PoC

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy