Software Detail

Software Informaton Top

CMS

Software Detail

Joomla

Number Of NVD

260

CRITICAL

HIGH

MEDIUM

164

LOW

URL	https://www.joomla.org/
Explanation	Joomla is an open source Content Management System (CMS). Each major version is supported for at least four years. Basically, it is recommended to use the latest version.
Tag	GPL v2 PHP オープンソース

Add Information URL

No	Type	Name	URL
1			https://downloads.joomla.org/
2			https://www.joomla.org/announcements/release-news/
3			https://docs.joomla.org/Joomla!_CMS_versions
4			http://feeds.joomla.org/JoomlaSecurityNews
5			http://www.joomla.jp/
6			https://developer.joomla.org/roadmap.html
7			https://docs.joomla.org/Release_and_support_cycle
8			https://github.com/joomla

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Critical	High	Medium	Low
41	Joomla 5.1	5.1.4	Aug. 27, 2024	April 16, 2024		0	4	7	0
42	Joomla 5.0	5.0.3	July 9, 2024	Oct. 17, 2023	April 16, 2024	0	5	7	0
43	Joomla 4.4	4.4.13	April 8, 2025	Oct. 17, 2023	Oct. 17, 2025	0	5	7	0
44	Joomla 4.3	4.3.4	Aug. 22, 2023	April 18, 2023	Oct. 17, 2023	0	6	8	0
45	Joomla 4.2	4.4.6	July 9, 2024	Aug. 16, 2022	April 18, 2023	0	6	15	0
46	Joomla 4.1	4.1.5	June 21, 2022	Feb. 15, 2022	Aug. 16, 2022	3	6	17	0
47	Joomla 4.0	4.0.6	Jan. 18, 2022	Aug. 17, 2021	Feb. 15, 2022	4	6	17	0
48	Joomla 3.10	3.10.11	Aug. 16, 2022	Aug. 17, 2021	Aug. 17, 2023	2	6	8	0
49	Joomla 3.9	3.9.28	July 6, 2021	Oct. 30, 2018	Aug. 17, 2023	11	25	63	0
50	Joomla 3.8	3.8.13	Oct. 9, 2018	Sept. 19, 2017	Oct. 30, 2018	13	32	71	0
51	Joomla 3.7	3.7.5	Aug. 17, 2017	April 25, 2017	Sept. 19, 2017	15	33	70	1
52	Joomla 3.6	3.6.5	Dec. 13, 2016	July 12, 2016	April 25, 2017	19	34	74	0
53	Joomla 3.5	3.5.1	April 5, 2016	March 21, 2016	July 12, 2016	19	34	72	0
54	Joomla 3.4	3.4.8	Dec. 24, 2015	Feb. 24, 2015	March 21, 2016	19	40	78	0
55	Joomla 3.3	3.3.4	Sept. 23, 2014	April 20, 2014	Feb. 24, 2015	18	41	78	0
56	Joomla 3.2	3.2.1	Dec. 18, 2014	Nov. 6, 2013	Oct. 31, 2014	18	43	80	0
57	Joomla 3.1	3.1.6	Nov. 6, 2013	April 24, 2013	Dec. 31, 2013	15	34	71	0
58	Joomla 3.0	3.0.3	Feb. 4, 2013	Sept. 27, 2012	May 31, 2013	15	34	76	0
59	Joomla 2.5	2.5.28	Dec. 10, 2014	Jan. 24, 2012	Dec. 31, 2014	13	30	58	0
60	Joomla 1.7	1.7.5	Feb. 2, 2012	July 19, 2011	Feb. 29, 2012	10	17	29	0
61	Joomla 1.6	1.6.6	July 26, 2011	Jan. 10, 2011	Aug. 31, 2011	10	14	30	0
62	Joomla 1.5	1.5.26	March 27, 2012	Jan. 22, 2008	Sept. 30, 2012	11	19	35	1
63	Joomla 1.0	1.0.15	Feb. 21, 2008	Sept. 17, 2005	July 22, 2009	5	15	30	0
64	Joomla 13.1	13.1				0	0	0	0
65	Joomla 12.3	12.3				0	0	0	0
66	Joomla 12.1	12.1				0	0	0	0
67	Joomla 11.4	11.4				0	0	0	0
68	Joomla 11.3	11.3				0	0	0	0
69	Joomla 11.2	11.2				0	0	0	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
41	6.5 4.3	MEDIUM Network	An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.	CWE-352 Origin Validation Error	CVE-2021-26034	cpe:2.3:a:joomla:joomla\!::	3.0.0	3.9.26		2024-11-21 14:55 2021-05-26	Show	GitHub Exploit DB Packet Storm

42	6.5 4.3	MEDIUM Network	An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint.	CWE-352 Origin Validation Error	CVE-2021-26033	cpe:2.3:a:joomla:joomla\!::	3.0.0	3.9.26		2024-11-21 14:55 2021-05-26	Show	GitHub Exploit DB Packet Storm

43	6.1 4.3	MEDIUM Network	An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors.	CWE-79 Cross-site Scripting	CVE-2021-26032	cpe:2.3:a:joomla:joomla\!::	3.0.0	3.9.26		2024-11-21 14:55 2021-05-26	Show	GitHub Exploit DB Packet Storm

44	5.3 5.0	MEDIUM Network	An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.	NVD-CWE-noinfo	CVE-2021-26031	cpe:2.3:a:joomla:joomla\!::	3.0.0	3.9.25		2024-11-21 14:55 2021-04-15	Show	GitHub Exploit DB Packet Storm

45	6.1 4.3	MEDIUM Network	An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page	CWE-79 Cross-site Scripting	CVE-2021-26030	cpe:2.3:a:joomla:joomla\!::	3.0.0	3.9.25		2024-11-21 14:55 2021-04-15	Show	GitHub Exploit DB Packet Storm

46	5.3 5.0	MEDIUM Network	An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field.	NVD-CWE-Other	CVE-2021-26029	cpe:2.3:a:joomla:joomla\!::	1.6.0		3.9.25	2024-11-21 14:55 2021-03-5	Show	GitHub Exploit DB Packet Storm

47	5.5 4.3	MEDIUM Local	An issue was discovered in Joomla! 3.0.0 through 3.9.24. Extracting an specifilcy crafted zip package could write files outside of the intended path.	CWE-22 Path Traversal	CVE-2021-26028	cpe:2.3:a:joomla:joomla\!::	3.0.0		3.9.25	2024-11-21 14:55 2021-03-5	Show	GitHub Exploit DB Packet Storm

48	5.3 5.0	MEDIUM Network	An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.	CWE-863 Incorrect Authorization	CVE-2021-26027	cpe:2.3:a:joomla:joomla\!::	3.0.0		3.9.25	2024-11-21 14:55 2021-03-5	Show	GitHub Exploit DB Packet Storm

49	7.5 5.0	HIGH Network	An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads	NVD-CWE-noinfo	CVE-2021-23132	cpe:2.3:a:joomla:joomla\!::	3.0.0		3.9.25	2024-11-21 14:51 2021-03-5	Show	GitHub Exploit DB Packet Storm

50	7.5 5.0	HIGH Network	An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.	CWE-20 Improper Input Validation	CVE-2021-23131	cpe:2.3:a:joomla:joomla\!::	3.2.0		3.9.25	2024-11-21 14:51 2021-03-5	Show	GitHub Exploit DB Packet Storm