| Joomla | Number Of NVD | 285 | CRITICAL | 32 | HIGH | 73 | MEDIUM | 178 | LOW | 2 |
| URL | https://www.joomla.org/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | Joomla is an open source Content Management System (CMS). Each major version is supported for at least four years. Basically, it is recommended to use the latest version. |
||||||||
| Tag | |||||||||
| No | Type | Name | URL |
|---|---|---|---|
| 1 | https://downloads.joomla.org/ | ||
| 2 | https://www.joomla.org/announcements/release-news/ | ||
| 3 | https://docs.joomla.org/Joomla!_CMS_versions | ||
| 4 | http://feeds.joomla.org/JoomlaSecurityNews | ||
| 5 | http://www.joomla.jp/ | ||
| 6 | https://developer.joomla.org/roadmap.html | ||
| 7 | https://docs.joomla.org/Release_and_support_cycle | ||
| 8 | https://github.com/joomla |
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 211 | Joomla 5.1 | 5.1.4 | Aug. 27, 2024 | April 16, 2024 | 5 | 10 | 19 | 0 | |||
| 212 | Joomla 5.0 | 5.0.3 | July 9, 2024 | Oct. 17, 2023 | April 16, 2024 | 5 | 11 | 19 | 0 | ||
| 213 | Joomla 4.4 | 4.4.13 | April 8, 2025 | Oct. 17, 2023 | Oct. 17, 2025 | 5 | 11 | 19 | 0 | ||
| 214 | Joomla 4.3 | 4.3.4 | Aug. 22, 2023 | April 18, 2023 | Oct. 17, 2023 | 5 | 12 | 20 | 0 | ||
| 215 | Joomla 4.2 | 4.4.6 | July 9, 2024 | Aug. 16, 2022 | April 18, 2023 | 5 | 12 | 27 | 0 | ||
| 216 | Joomla 4.1 | 4.1.5 | June 21, 2022 | Feb. 15, 2022 | Aug. 16, 2022 | 8 | 12 | 28 | 0 | ||
| 217 | Joomla 4.0 | 4.0.6 | Jan. 18, 2022 | Aug. 17, 2021 | Feb. 15, 2022 | 9 | 12 | 27 | 0 | ||
| 218 | Joomla 3.10 | 3.10.11 | Aug. 16, 2022 | Aug. 17, 2021 | Aug. 17, 2023 | 6 | 7 | 13 | 0 | ||
| 219 | Joomla 3.9 | 3.9.28 | July 6, 2021 | Oct. 30, 2018 | Aug. 17, 2023 | 15 | 26 | 68 | 0 | ||
| 220 | Joomla 3.8 | 3.8.13 | Oct. 9, 2018 | Sept. 19, 2017 | Oct. 30, 2018 | 17 | 33 | 76 | 0 | ||
| 221 | Joomla 3.7 | 3.7.5 | Aug. 17, 2017 | April 25, 2017 | Sept. 19, 2017 | 19 | 34 | 75 | 1 | ||
| 222 | Joomla 3.6 | 3.6.5 | Dec. 13, 2016 | July 12, 2016 | April 25, 2017 | 23 | 35 | 79 | 0 | ||
| 223 | Joomla 3.5 | 3.5.1 | April 5, 2016 | March 21, 2016 | July 12, 2016 | 23 | 35 | 77 | 0 | ||
| 224 | Joomla 3.4 | 3.4.8 | Dec. 24, 2015 | Feb. 24, 2015 | March 21, 2016 | 23 | 41 | 83 | 0 | ||
| 225 | Joomla 3.3 | 3.3.4 | Sept. 23, 2014 | April 20, 2014 | Feb. 24, 2015 | 22 | 42 | 83 | 0 | ||
| 226 | Joomla 3.2 | 3.2.1 | Dec. 18, 2014 | Nov. 6, 2013 | Oct. 31, 2014 | 22 | 44 | 85 | 0 | ||
| 227 | Joomla 3.1 | 3.1.6 | Nov. 6, 2013 | April 24, 2013 | Dec. 31, 2013 | 18 | 35 | 76 | 0 | ||
| 228 | Joomla 3.0 | 3.0.3 | Feb. 4, 2013 | Sept. 27, 2012 | May 31, 2013 | 18 | 35 | 81 | 0 | ||
| 229 | Joomla 2.5 | 2.5.28 | Dec. 10, 2014 | Jan. 24, 2012 | Dec. 31, 2014 | 13 | 30 | 58 | 0 | ||
| 230 | Joomla 1.7 | 1.7.5 | Feb. 2, 2012 | July 19, 2011 | Feb. 29, 2012 | 10 | 17 | 29 | 0 | ||
| 231 | Joomla 1.6 | 1.6.6 | July 26, 2011 | Jan. 10, 2011 | Aug. 31, 2011 | 10 | 14 | 30 | 0 | ||
| 232 | Joomla 1.5 | 1.5.26 | March 27, 2012 | Jan. 22, 2008 | Sept. 30, 2012 | 11 | 19 | 35 | 1 | ||
| 233 | Joomla 1.0 | 1.0.15 | Feb. 21, 2008 | Sept. 17, 2005 | July 22, 2009 | 5 | 15 | 30 | 0 | ||
| 234 | Joomla 13.1 | 13.1 | 0 | 0 | 0 | 0 | |||||
| 235 | Joomla 12.3 | 12.3 | 0 | 0 | 0 | 0 | |||||
| 236 | Joomla 12.1 | 12.1 | 0 | 0 | 0 | 0 | |||||
| 237 | Joomla 11.4 | 11.4 | 0 | 0 | 0 | 0 | |||||
| 238 | Joomla 11.3 | 11.3 | 0 | 0 | 0 | 0 | |||||
| 239 | Joomla 11.2 | 11.2 | 0 | 0 | 0 | 0 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 211 |
- 7.5 |
HIGH | SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. |
CWE-89
SQL Injection |
CVE-2015-7297 |
cpe:2.3:a:joomla:joomla\!:3.4.4:* cpe:2.3:a:joomla:joomla\!:3.4.3:* cpe:2.3:a:joomla:joomla\!:3.4.2:* cpe:2.3:… |
2024-11-21 11:36 2015-10-30 |
Show | GitHub Exploit DB Packet Storm | ||||
| 212 |
- 4.3 |
MEDIUM | Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
CWE-79
Cross-site Scripting |
CVE-2015-6939 |
cpe:2.3:a:joomla:joomla\!:3.4.3:* cpe:2.3:a:joomla:joomla\!:3.4.2:rc1 cpe:2.3:a:joomla:joomla\!:3.4.2:* cpe:2.… |
2024-11-21 11:35 2015-09-19 |
Show | GitHub Exploit DB Packet Storm | ||||
| 213 |
- 6.8 |
MEDIUM | Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upl… |
CWE-352
Origin Validation Error |
CVE-2015-5397 |
cpe:2.3:a:joomla:joomla\!:3.4.2:rc1 cpe:2.3:a:joomla:joomla\!:3.4.1:rc2 cpe:2.3:a:joomla:joomla\!:3.4.1:rc1 cp… |
2024-11-21 11:32 2015-07-15 |
Show | GitHub Exploit DB Packet Storm | ||||
| 214 |
- 7.5 |
HIGH | Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for … |
CWE-310
Cryptographic Issues |
CVE-2014-7228 |
cpe:2.3:a:joomla:joomla\!:3.3.4:* cpe:2.3:a:joomla:joomla\!:3.3.3:* cpe:2.3:a:joomla:joomla\!:3.3.2:* cpe:2.3:… |
2024-11-21 11:16 2014-11-4 |
Show | GitHub Exploit DB Packet Storm | ||||
| 215 |
- 4.3 |
MEDIUM | Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/… |
CWE-79
Cross-site Scripting |
CVE-2012-2413 |
cpe:2.3:a:joomla:joomla\!:1.5.9:* cpe:2.3:a:joomla:joomla\!:1.5.8:* cpe:2.3:a:joomla:joomla\!:1.5.7:* cpe:2.3:… |
1.5.26 |
2024-11-21 10:39 2014-10-20 |
Show | GitHub Exploit DB Packet Storm | |||
| 216 |
- 7.5 |
HIGH | Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication. |
CWE-264
Permissions, Privileges, and Access Controls |
CVE-2014-7984 |
cpe:2.3:a:joomla:joomla\!:3.2.2:* cpe:2.3:a:joomla:joomla\!:3.2.1:* cpe:2.3:a:joomla:joomla\!:3.2.0:* cpe:2.3:… |
2024-11-21 11:18 2014-10-9 |
Show | GitHub Exploit DB Packet Storm | ||||
| 217 |
- 4.3 |
MEDIUM | Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
CWE-79
Cross-site Scripting |
CVE-2014-7983 |
cpe:2.3:a:joomla:joomla\!:3.2.2:* cpe:2.3:a:joomla:joomla\!:3.2.1:* cpe:2.3:a:joomla:joomla\!:3.2.0:* cpe:2.3:… |
2024-11-21 11:18 2014-10-9 |
Show | GitHub Exploit DB Packet Storm | ||||
| 218 |
- 4.3 |
MEDIUM | Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
CWE-79
Cross-site Scripting |
CVE-2014-7982 |
cpe:2.3:a:joomla:joomla\!:3.2.2:* cpe:2.3:a:joomla:joomla\!:3.2.1:* cpe:2.3:a:joomla:joomla\!:3.2.0:* cpe:2.3:… |
2024-11-21 11:18 2014-10-9 |
Show | GitHub Exploit DB Packet Storm | ||||
| 219 |
- 7.5 |
HIGH | SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
CWE-89
SQL Injection |
CVE-2014-7981 |
cpe:2.3:a:joomla:joomla\!:3.2.2:* cpe:2.3:a:joomla:joomla\!:3.2.1:* cpe:2.3:a:joomla:joomla\!:3.2.0:* cpe:2.3:… |
2024-11-21 11:18 2014-10-9 |
Show | GitHub Exploit DB Packet Storm | ||||
| 220 |
- 5.0 |
MEDIUM | Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors. |
NVD-CWE-noinfo
|
CVE-2014-7229 |
cpe:2.3:a:joomla:joomla\!:3.3.4:* cpe:2.3:a:joomla:joomla\!:3.3.3:* cpe:2.3:a:joomla:joomla\!:3.3.2:* cpe:2.3:… |
2024-11-21 11:16 2014-10-9 |
Show | GitHub Exploit DB Packet Storm |