๐จ CVE-2026-49231
Authentication Bypass by Spoofing vulnerability in opa plugin.
An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin.
This could allow the attacker to assume higher privileges on the upstream service.
This issue affects Apache APISIX: from 3.5.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
๐@cveNotify
Authentication Bypass by Spoofing vulnerability in opa plugin.
An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin.
This could allow the attacker to assume higher privileges on the upstream service.
This issue affects Apache APISIX: from 3.5.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
๐@cveNotify
๐จ CVE-2026-49871
Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations.
This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity.
Actions the victim takes upstream are then attributed to attackers identity.
This issue affects Apache APISIX: from 3.0.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
๐@cveNotify
Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations.
This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity.
Actions the victim takes upstream are then attributed to attackers identity.
This issue affects Apache APISIX: from 3.0.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
๐@cveNotify
๐จ CVE-2026-49872
Improper Authentication vulnerability in Apache APISIX.
When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source.
This issue affects Apache APISIX: from 3.0.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
๐@cveNotify
Improper Authentication vulnerability in Apache APISIX.
When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source.
This issue affects Apache APISIX: from 3.0.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue.
๐@cveNotify
๐จ CVE-2017-20252
Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the plname parameter. Attackers can send GET requests to index.php with option=com_nge&view=config and inject malicious SQL code in the plname parameter to extract sensitive database information.
๐@cveNotify
Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the plname parameter. Attackers can send GET requests to index.php with option=com_nge&view=config and inject malicious SQL code in the plname parameter to extract sensitive database information.
๐@cveNotify
extensions.joomla.org
NextGen Editor - Joomla! Extension Directory
Find extensions for your Joomla site in the Joomla Extensions Directory, the official directory for Joomla components, modules and plugins.
๐จ CVE-2017-20253
Joomla! Component My Projects 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the VerAyari parameter. Attackers can craft requests to the component endpoint with SQL injection payloads to extract sensitive database information including credentials and system data.
๐@cveNotify
Joomla! Component My Projects 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the VerAyari parameter. Attackers can craft requests to the component endpoint with SQL injection payloads to extract sensitive database information including credentials and system data.
๐@cveNotify
GegaByte Technologies
GegaByte is your one stop for Joomla web design and web development. We deal with all types of web and development, with specialization in Joomla development.
๐จ CVE-2017-20254
Joomla! Component User Bench 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the userid parameter. Attackers can send GET requests to index.php with the option=com_userbench&view=detail&userid parameter containing SQL injection payloads to extract sensitive database information including credentials and configuration data.
๐@cveNotify
Joomla! Component User Bench 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the userid parameter. Attackers can send GET requests to index.php with the option=com_userbench&view=detail&userid parameter containing SQL injection payloads to extract sensitive database information including credentials and configuration data.
๐@cveNotify
GegaByte Technologies
GegaByte is your one stop for Joomla web design and web development. We deal with all types of web and development, with specialization in Joomla development.
๐จ CVE-2017-20255
Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=com_bookpro and view=popup parameters, injecting SQL commands in the visatype parameter to extract sensitive database information including credentials and table contents.
๐@cveNotify
Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=com_bookpro and view=popup parameters, injecting SQL commands in the visatype parameter to extract sensitive database information including credentials and table contents.
๐@cveNotify
Joombooking
Software Development Company - Joombooking
A software development company that provides custom software development services to help businesses grow.
๐จ CVE-2017-20256
Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the invite parameter. Attackers can send GET requests to the component with crafted SQL payloads in the invite parameter to extract sensitive database information.
๐@cveNotify
Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the invite parameter. Attackers can send GET requests to the component with crafted SQL payloads in the invite parameter to extract sensitive database information.
๐@cveNotify
JoomPlace
Extensions for Joomla CMS
Benefit from powerful Joomla! extensions and components, modules and plugins created by JoomPlace. We develop Joomla! software for over 18 years.
๐จ CVE-2017-20257
Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flag_question task. Attackers can inject malicious SQL code via the stu_quiz_id or flag_quest parameters to manipulate database queries and extract sensitive information.
๐@cveNotify
Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flag_question task. Attackers can inject malicious SQL code via the stu_quiz_id or flag_quest parameters to manipulate database queries and extract sensitive information.
๐@cveNotify
JoomPlace
Extensions for Joomla CMS
Benefit from powerful Joomla! extensions and components, modules and plugins created by JoomPlace. We develop Joomla! software for over 18 years.
๐จ CVE-2017-20258
Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_pofos&view=pofo&id=[SQL] to extract sensitive database information.
๐@cveNotify
Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_pofos&view=pofo&id=[SQL] to extract sensitive database information.
๐@cveNotify
extensions.joomla.org
Joomla! Extensions Directory
Find extensions for your Joomla site in the Joomla Extensions Directory, the official directory for Joomla components, modules and plugins.
๐จ CVE-2017-20259
Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_osdownloads&view=item&id=[SQL] to extract sensitive database information including credentials and configuration data.
๐@cveNotify
Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_osdownloads&view=item&id=[SQL] to extract sensitive database information including credentials and configuration data.
๐@cveNotify
Joomla! Extensions Directoryโข
OSDownloads, by Joomlashack - Joomla Extension Directory
OSDownloads is the easiest way to add downloads to Joomla.
๐จ CVE-2017-20260
Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the product_id parameter to extract sensitive database information including credentials and configuration data.
๐@cveNotify
Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the product_id parameter to extract sensitive database information including credentials and configuration data.
๐@cveNotify
extensions.joomla.org
Price Alert - Joomla! Extension Directory
Find extensions for your Joomla site in the Joomla Extensions Directory, the official directory for Joomla components, modules and plugins.
๐จ CVE-2017-20261
Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice views to extract sensitive database information.
๐@cveNotify
Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice views to extract sensitive database information.
๐@cveNotify
Exploit Database
Joomla! Component Bargain Product VM3 1.0 - 'product_id' SQL Injection
Joomla! Component Bargain Product VM3 1.0 - 'product_id' SQL Injection.. webapps exploit for PHP platform
๐จ CVE-2017-20262
Joomla! Component Ajax Quiz 1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cid parameter. Attackers can send GET requests to index.php with the option=com_ajaxquiz and view=ajaxquiz parameters to extract sensitive database information including table names and column structures.
๐@cveNotify
Joomla! Component Ajax Quiz 1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cid parameter. Attackers can send GET requests to index.php with the option=com_ajaxquiz and view=ajaxquiz parameters to extract sensitive database information including table names and column structures.
๐@cveNotify
Webkul Software
Top Cloud, Web & Mobile Development IT Company | Webkul
Top-rated B2B/B2C eCommerce, marketplace, hyperlocal and mobile app development. We worked with fortune 500 in last 15 years - Let's work together.
๐จ CVE-2017-20263
Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_focalpoint, view=location, and a crafted id parameter containing SQL commands to extract sensitive database information.
๐@cveNotify
Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_focalpoint, view=location, and a crafted id parameter containing SQL commands to extract sensitive database information.
๐@cveNotify
่ฝฏไปถไธ่ฝฝๅฎ็ฝ
ๅ
่ดนไธ่ฝฝ(ๅฎ่่ฝฏไปถ้)
ๅ
่ดน่ฝฏไปถๆฑ,ๆ้ไธ่ฝฝ็ซ,ๅ
่ดนไธ่ฝฝ
๐จ CVE-2017-20264
Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=com_sponsorwall&task=click&wallid parameter containing SQL injection payloads to extract sensitive database information including credentials and configuration data.
๐@cveNotify
Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=com_sponsorwall&task=click&wallid parameter containing SQL injection payloads to extract sensitive database information including credentials and configuration data.
๐@cveNotify
๐จ CVE-2017-20265
Joomla! Component Flip Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=com_flipwall&task=click&wallid parameter containing SQL injection payloads to extract sensitive database information.
๐@cveNotify
Joomla! Component Flip Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=com_flipwall&task=click&wallid parameter containing SQL injection payloads to extract sensitive database information.
๐@cveNotify
๐จ CVE-2017-20266
Joomla SP Movie Database 1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the searchword parameter. Attackers can send GET requests to the searchresults view with crafted SQL payloads in the searchword parameter to extract sensitive database information.
๐@cveNotify
Joomla SP Movie Database 1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the searchword parameter. Attackers can send GET requests to the searchresults view with crafted SQL payloads in the searchword parameter to extract sensitive database information.
๐@cveNotify
JoomShaper
Responsive Joomla 6 Templates & Free Joomla Extensions - JoomShaper
JoomShaper is a premium Joomla templates club with more than 149+ premium responsive Joomla templates and extensions.
๐จ CVE-2017-20267
Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the category_id parameter. Attackers can send GET requests to the events view with malicious SQL code in the category_id parameter to extract sensitive database information.
๐@cveNotify
Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the category_id parameter. Attackers can send GET requests to the events view with malicious SQL code in the category_id parameter to extract sensitive database information.
๐@cveNotify
Joomlathat
JoomlaThat! - Professional Joomla! Extensions and Services
JoomlaThat is a team of experts focussing on development and consulting for Joomla. We're Joomla extension developers and we can create any kind of extension (component, module, plugin...) for your website or customize current extension to your needs. We'veโฆ
๐จ CVE-2026-12620
The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints.
This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.
๐@cveNotify
The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints.
This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.
๐@cveNotify
๐จ CVE-2026-12621
Improper neutralization of input during web page generation XSS
vulnerability in the GridTime 3000 (password reset form) allows XSS.
This issue affects GridTime 3000: from 1.0r0.03 before 1.2r0.0.
๐@cveNotify
Improper neutralization of input during web page generation XSS
vulnerability in the GridTime 3000 (password reset form) allows XSS.
This issue affects GridTime 3000: from 1.0r0.03 before 1.2r0.0.
๐@cveNotify