Archived

Vulnerable Extensions List (Archived)

From Joomla! Documentation

This page has been archived. This page contains information for an unsupported Joomla! version or is no longer relevant. It exists only as a historical reference, it will not be improved and its content may be incomplete and/or contain broken links.

For a more recent list please see Vulnerable_Extensions_List_oct

Name Versions Solution References Updated

A6MamboCredits

com_a6mambocredits

All Abandoned. Remove completely or use at your own risk. Secunia Advisory
Forum Topic
2006

A6MamboHelpDesk

com_a6mambohelpdesk

All Abandoned. Remove completely or use at your own risk.

Forum Topic
Secunia Advisory

Secunia Advisory

2006

Advanced Poll

com_advancedpoll (?)

<= 2.2.0

Abandoned. Remove completely or use at your own risk.

Forum Topic 2006
Adobe Acrobat Reader
(Not a Joomla! extension, but worth noting.)
<= 7.0.8 Upgrade to latest stable version. Adobe Advisory 2006
Akocomment All SQL Injection with PHP magic_quotes OFF. No upgrade path yet.

Fix: Turn PHP magic_quotes ON

Forum Topic
June 30, 2006
Article <= 1.1
Upgrade to latest stable version. milwOrm Advisory

FrSIRT Advisory

Forum Topic
26 June 2007

ArtLinks

com_artlinks

All Abandoned. Remove completely or use at your own risk. Forum Topic 2006
AutoStand <= 1.1
No further information at this time.

milwOrm Advisory
FrSIRT Advisory
Forum Topic

 

26 June 2007

Bayesian Naive Filter

com_bayesiannaivefilter

<= 1.1 No Fix Available. Disable or remove until a fix is available. Forum Topic 2006

Bible Study

com_biblestudy

<= 6.0.7b and below Fix Available. SQL Insertion attack http://joomlacode.org/gf/project/biblestudy/ 2008

BigApe Backup

com_babackup

All A patch is available from the developer. See this post. Secunia Advisory
Forum Topic
2006

BSQ Site Stats

com_bsqsitestats

<= 2.2.1 Upgrade to latest stable version.
Forum Topic
Secunia Advisory
2006
Car Manager
<= 1.1
No further information at this time. Forum Topic 26 June 2007

Classifieds

com_classifieds

<= 1.3 Upgrade to latest stable version. Forum Topic 2006

Colophon

com_colophon

<= 1.2 Upgrade to latest stable version. Secunia Advisory
Forum Topic
2006

Community Builder

com_profiler

<= 1.0.0

Upgrade to latest stable version.

See here for a fix for register_globals = off

Jomopolis Topic

Forum Topic

Forum Topic
2006

DS-Syndicate

com_ds-syndicate

All versions?

SQL injection vulnerability.
Remove completely or use at your own risk.
Component has been removed from JED. Abandoned?

http://www.frsirt.com/english/advisories/2008/2859

Nov. 27, 2008

Events

com_events

<= 1.3 Beta Upgrade to latest stable version. Forum Topic 2006
Expose Flash Gallery RC4 Download patch
Forum Topic 20 July 2007

ExtCalendar

com_extcalendar

<= 0.9.1 Upgrade to version 0.9.2. Seethis post for details. Also check the new forked project, JCal. Secunia Advisory

Forum Topic
Forum Topic

Forum Topic
2006

Facile Forms

com_facileforms

<= 1.4.6 Upgrade to latest stable version. Forum Topic 2006

Galleria

com_galleria

All Abandoned. Remove completely or use at your own risk. NVD Advisory
Forum Topic
2006

Gmaps

com_gmaps

<=1.01 Upgrade to the latest version, which can be downloaded here
Security Focus Advisory
6 August 2007

Hash Cash

com_hashcash

All Abandoned. Remove completely or use at your own risk. Secunia Advisory
2006

Hot Property

com_hotproperties (?)

<= 0.97 Upgrade to latest stable version. No references available at this time. 2006

JCE

com_jce

<= 1.0.4 Apply patch, download it here, or use latest stable version.

Secunia Advisory
Cellardoor
Secunia Advisory

2006

JoomlaPack

com_jpack

1.0.4a2 RE Upgrade to latest stable version.

MilwOrm Advisory
FrSIRT Advisory

2006

JoomlaBoard

com_joomlaboard

<= 1.1.1

Upgrade to latest stable version.

RG_EMULATION Fix

Secunia Advisory

Forum Topic

Forum Topic

2006

JoomlaLib

com_joomlalib

<= 1.2.1 Upgrade to latest stable version. Forum Topic 2006

JD-WordPress

com_jd-wp

<= 2.0-1.0 RC2 Patch Available.
See this post.
Forum Topic 2006

JD-Wiki

com_jd-wiki

All

Abandoned project.
Upgrade to nuWiki

Forum Topic

Forum Topic

6 July 2007

JIM 1.0.1. (PMS)

com_jim

1.0.1
Upgrade to latest stable version. The developer fixed security issues but didn't create a higher version number. Secunia Advisory 2006
joomSEF (ARTIO) <=2.2.1 Upgrade to latest stable version. Forum Topic 27 Oct 2007

jPack

com_jpack

< 1.0.4-b1 Upgrade to latest stable version. Forum Topic 26 June 2007

Link Directory

com_linkdirectory

All
Remove. Abandoned project.
No references. 2006

Letterman

mod_letterman

<= 1.2.4 Upgrade to latest stable version. [1] Forum Topic May 2007

LMO

com_lmo

<= 1.0b2 Upgrade to latest stable version. [2] FrSIRT Advisory
Forum Topic
2006

LoudMouth

com_loudmouth

<= 4.0j Upgrade to version 4.1 then apply Security Patch 1. Download here. Forum Topic
MamboExchange Advisory
2006

MamCom (?)

com_trade

All
Abandoned. Remove completely or use at your own risk.
*Unconfirmed* 2006

MambelFish 1.x

com_mambelfish

<= 1.x Upgrade to 1.5 (or to Joom!Fish) Download Mambelfish
Download Joom!Fish
Secunia Advisory 2006

Mambo Gallery Manager

com_mgm

All Abandoned. Remove completely or use at your own risk. Forum Topic
FrSIRT Advisory
2006

MiniBB

com_minibb

<= 1.5a Abandoned. Remove completely or use at your own risk.

Security Reason Advisory Forum Topic
Security Reason

2006

Mos Tree

com_mtree

<= 1.5.8 Upgrade to latest stable version. [3] Forum Topic 2006

MosMedia

com_mosmedia

<= 1.0.8 Temporary Fix Available. See this thread for details. Forum Topic 2006

MoSpray

com_mospray

<= 1.8 RC1 Abandoned. Remove completely or use at your own risk. Forum Topic 2006

Multibanners

com_multibanners

* Note: Not the same as the Multibanners Module.

All
Abandoned. Remove completely or use at your own risk. Secunia Advisory

Forum Topic

2006

OpenSEF

com_sef

<= 2.0.0 RC5 Unpatched Download patch Forum Topic 2006

PC Cook Book

com_pccookbook

<= 1.3.1 No Fix Available. Disable or remove. FrSIRT Advisory

Forum Topic

2006

Per Forms

com_performs

<= v1_beta Upgrade to latest stable version. [4] Secunia Advisory
Forum Topic

Forum Topic

2006
Phil-A-Form < 1.2
Upgrade to latest version.
Forum Topic



May 2007

People Book

com_peoplebook

<= 1.1.5 Upgrade to latest stable version. [5] Joomla Forge 2006

Prince Clan Chess

com_pcchess

<= 0.8 Author suggest manually patching. [6] See this site. 2006

PollXT

com_pollxt

<= 1.22.07 Upgrade to latest stable version. [7] Secunia Advisory

Forum Topic
Secunia Advisory

2006

RS Gallery2

com_rsgallery2

<= 1.11.3 Upgrade to latest stable version. [8] Forum Topic 06
RWCards < 2.4.4
Upgrade to latest stable version. Forum Topic 26 June 2007
Security Images

com_securityimages

<= 3.0.5 Upgrade to latest stable version. Secunia Advisory

Forum Topic

June 2007
SEF404x

com_sef

All No Fix Available. Remove completely or use at your own risk. No references.
2006
sh404SEF 1.2.4 t, u, or w Patch or update.
Forum Topic 23 Oct, 2007

Site Map

com_sitemap


All
Abandoned. Remove completely or use at your own risk.
[9]

Secunia Advisory
Forum Topic
Secunia Advisory

2006

SimpleBoard

com_simpleboard

All Upgrade to latest JoomlaBoard. JoomlaBoard is compatible with SimpleBoard. Download here.

Secunia Advisory
Secunia Advisory
Forum Topic
Secunia Advisory

2006

SMF Bridge

com_smf

<= 1.1.4

Versions other than 1.1RC2. Fix Available. See this thread.

 

Version 1.1RC2 only. Upgrade available.
See this thread.

Secunia Advisory

Simple Machines Advisory
Forum Topic
Forum Topic
Forum Topic
Forum Topic

Secunia Advisory

2006

TaskHopper

com_thopper

<= 1.1
Upgrade to latest version.

Forum Topic

2006

User Home Pages 1 and 2

com_uhp and com_uhp2

<= 1.1.1 (?) Upgrade to latest stable version. [10] Forum Topic
  Secunia Advisory 

Forum Topic

June 2007
VirtueMart <= 1.0.13a Upgrade to version >= 1.0.14. Available here. Security Bulletin January 2008
WordPress
(Not a Joomla! extension, but worth noting.)
2.1.1 Upgrade to latest stable version. Forum Topic 26 June 2007
zOOm Media Gallery <= 2.5.1 RC4 Upgrade to latest stable version. FrSIRT Advisory
Forum Topic
2006
BF Survey Pro
BF Survey Basic
BF Quiz
<=1.2.5
<=1.0
<=1.1.1
Upgrade to latest versions Forum Post
Developer's Forum Post
September, 2009
Photoblog (com_photoblog) Unknown Unknown Security Focus Advisory October 26, 2009