Vulnerable Extensions List
From Joomla! Documentation
This page has been archived. It contains information for an unsupported Joomla! version or is no longer relevant. It exists only as a historical reference; it will not be improved, and its content may be incomplete and/or contain broken links.
As of 1st May 2013 this document has been replaced by the website at vel.joomla.org. Please refer to that site for the latest updates.
List prior to January 2011 (now archived). Please check here also.
Check and Report
Please check with the extension publisher in case of any questions over the security of their product.
Report vulnerable extensions on the VEL website.
- If you are seeing this page on any site other than the Official Joomla Documentation, you may be seeing an out-of-date version or experiencing plagiarism, and the links may not work properly.
How to use this list
Items will be removed after a suitable period and not on resolution.
All known vulnerable extensions are listed in the first column, "Extension". Any in a red box are those for which we have not been given a fix. Any in a turquoise box contain a link to the notice about an update. Any in an uncolored box are "Contact the Developer About This Extension". Alert advisory details are in the center column. If the "Extension Update Link & Date" column says "Not Known", no update is known.
This list is compiled from found information and may not be an up-to-date, accurate list. We do NOT promise to test or validate these reports. We do NOT guarantee the quality or effectiveness of any updates reported to us or listed here. To sign up for the feed please follow this link
- We do not list BETA products, or extensions for J1.0.x
Developers - How to get yourself removed from the VEL
Resolved items will be removed after a suitable period and not on resolution
Please solve the issues and:
- If JED listed
To have your extension republished, please follow these steps:
1- Solve the issues.
2- Attach the new zip file at your actual JED listing.
3- Change the extension version at JED listing.
4- Make sure to include a notice in the JED description to the fact that the new release is a "Security Release" and those who use the extension should upgrade immediately.
5- Complete the resolution form on the website at vel.joomla.org from 1st May 2013
6- Create a JED listing owner ticket to the JED with a notice and ask that your listing be republished. Include the full details of your new version number and security notice page
VEL email can be found above and the JED support link is in your notice of "unpublication" and here
- If not JED listed.
Inform us by email with a notice of resolution, the latest version number and a link to the security release statement on your website.
January 2012 and onwards Reported Vulnerable Extensions
| Extension | Details | Date Added | Extension Update Link & Date |
|---|---|---|---|
| civic crm 422 | upload exploit /RFI | 260413 | developer http://civicrm.org/category/civicrm-blog-categories/civicrm-v43 release 4.3.1 |
| alfcontact | xss | 230413 | developer release statement on ALFContact v2.0.8 for J!2.5 ALFContact v3.1.4 for J!3 |
| aiContactSafe 2.0.19 | xss | 160413 | developer release statement for version 2.0.21 |
| RSfiles | SQL | 180313 | developer release statement for version 12 |
| Multiple Customfields Filter for Virtuemart | SQLi | 18212 | developers 1.6.8 update statement |
| Collector | Various [steevo.fr] | 230113 | developer update statement to 0.5.1 |
| tz guestbook | Various | 100113 | developer release statement for 1.1.2 |
| extplorer | 2.1.2, 2.1.1, 2.1.0 and 2.1.0RC5 are vulnerable to an authentication bypass | 251212 | developer update to 2.1.3 statement |
| JooProperty | SQLi | 101212 | developer release new version 1.13.1 - upgrade notice |
| Multiple Customfields Filter for Virtuemart | SQLi | 18212 | developers update statement |
| ag google analytic | Various | 061212 | |
| sh404sef <3.7.0 | Undisclosed sh404SEF 3.4.x, 3.5.x, 3.6.x for Joomla 2.5 | 26112 | developer statement |
| Login Failed Log | 23112 | ID - information disclosure | developer release statement to ver 1.5.4 |
| jNews | 131112 | developer update statement to version 7.9.1 151112 | |
| Joombah Jobs | Upload restriction issues | 131112 | developer update statement |
| commedia | RFI | 231012 | developer update statement to version 3.2 271012 |
| Kunena | SQLi + ID | 221012 | Developer states current version not exploitable by reported methods |
| Icagenda | SQLi | Developer statement for 1.2.9 | |
| JTag [joomlatag] | SQLi | | |
| Freestyle Support | SQLi | developer update statement 251012 | |
| ACEFTP | DT | 011012 | AceFTP 2.0.0 released. Developer statement 101012 |
| MijoFTP | DT | 011012 | *reported fixed prior to notification* |
| spider calendar lite | RFI | 180912 | developer release version 1.5 version |
| RokModule | SQLi | Rereported 180912 | Developer states: no known exploits for our current versions of RokModule Joomla 2.5 - v1.3 Joomla 1.5 - v1.4 |
| ICagenda | SQLi | developer security release - v1.2.1 | 080912 |
| En Masse cart | RFI | 060812 | Developer upgrade statement to 3.1.3 |
| JCE (joomla content editor) | Upload Restriction <2.2.4 | 050812 | Developer states current version not exploitable |
| RSGallery2 | SQLi XSS | 31 07 12 | Developer statement versions 3.2.0 for Joomla 2.5 and version 2.3.0 for Joomla 1.5 released |
| osproperty | Unrestricted uploads | 160712 | Developer release version 2.0.3 180712 |
| KSAdvertiser | RFI | 160712 | The security update version 1.5.72 advise can be found here: |
| Shipping by State for Virtuemart | elevated permissions (http://web-expert.gr/en) | 160612 | Upgrade to v2.5 download commercial product 300612 |
| ownbiblio 1.5.3 | SQLi + | 250512 | |
| Ninjaxplorer <=1.0.6 | developer notification | 250412 | developer statement upgrade to 1.0.7 |
| Phoca Fav Icon | Permissions Rewrite | 150412 | developer update 2.0.3 statement |
| estateagent improved | sqli (eaimproved.eu) | 110412 | developer states previous version, not current version |
| bearleague | 110412 | sql | (no longer maintained) |
| JLive! Chat v4.3.1 | DT | 060412 | Developer reports as unproven |
| virtuemart 2.0.2 | SQLi | 050412 | developers release statement Current version 2.0.6 released |
| JE testimonial | SQLi | 230312 | Developer states malicious report. |
| JaggyBlog | excessive file permission | 090212 | version 1.3.1 released |
| Quickl Form | xss | 260112 | |
| com_advert | sqli - unknown developer | 240112 | |
| Joomla Discussions Component | sqli | 180112 | Discussions 1.4.1 released developer statement |
| | sqli | 180112 | updated version 2.2 |
| Simple File Upload 1.3 | RFI | 010112 | Developer update statement to 1.3.5 |
January 2011 - Jan 2012 Reported Vulnerable Extensions
Please check with the extension publisher in case of any questions over the security of their product. Report vulnerable extensions either in the jforum:432 security topic, clearly marked with the first word in the title being Vulnerable Report, where the security moderators or JSST team will respond, or via email to the VEL team. For a guide to the codes
| Extension | Details | Date Added | Extension Update Link & Date |
|---|---|---|---|
| Simple File Upload 1.3 | RFI | 010112 | Developer update statement to 1.3.5 |
| Dshop | sqli (possibly dhrusya.com) | 201111 | |
| QContacts 1.0.6 | sqli | 131211 | |
| Jobprofile 1.0 | SQL Injection Vulnerability | 051211 | |
| JX Finder 2.0.1 | XSS Vulnerabilities | 011211 | |
| wdbanners | Unknown Exploit | 301111 | |
| JB Captify Content J1.5 and J1.7 | Security checks missing -Versions prior to JB_mod_captifyContent_J1.5_J1.7_1.0.1.zip | 141111 | All extensions available on the site have been updated and this potential security issue has been resolved. |
| JB Microblog | Security checks missing - J1.7 only. Versions prior to 1.10.3 | 14111 | All extensions available on the [joomlabamboo.com site have been updated] and this potential security issue has been resolved. |
| JB Slideshow <3.5.1, | Security checks missing | 141111 | All extensions available on the [joomlabamboo.com site have been updated] and this potential security issue has been resolved. |
| JB Bamboobox | Security checks missing - J1.5 all versions prior to 1.2.2 | 141111 | All extensions available on the [joomlabamboo.com site have been updated] and this potential security issue has been resolved. |
| RokModule | SQLI - exploits RokStock RokWeather RokNewspager | 121111 | developer release statement RokModule v1.3 for Joomla 1.7 RokModule v1.4 for Joomla 1.5 |
| hm community | Multiple Vulnerabilities | 011111 | developer release 1.01 |
| Alameda | SQLi | 01111 | developer statement and Latest version number v1.0.1. |
| Techfolio 1.0 | Techfolio 1.0 SQLI | 291011 | |
| Barter Sites 1.3 | Barter Sites 1.3 SQL Injection & Persistent XSS vulnerabilities | 291011 | developer release 1.3.1 |
| Jeema SMS 3.2 | Jeema SMS 3.2 Multiple Vulnerabilities | 291011 | developer resolution notice for 3.5.2 |
| Vik Real Estate 1.0 | Vik Real Estate 1.0 Multiple Blind SqlI | 291011 | |
| yj contact | LFI (youjoomla contact) | 241011 | developer update statement 261011 |
| NoNumber Framework | Advanced Module Manager * AdminBar Docker * Add to Menu * Articles Anywhere * What? Nothing!* Tooltips* Tabber* Sourcerer* Slider* Timed Styles* Modules Anywhere* Modalizer* ReReplacer* Snippets* DB Replacer* CustoMenu* Content Templater* CDN for Joomla!* Cache Cleaner* Better Preview | 181011 | see http://feeds.feedburner.com/nonumber/news for updates of various extensions |
| Time Returns | SQLi takeaweb.it | 151011 | No longer developed. New version 2.0.1 for Joomla 1.6/1.7 (old version are no longer supported) http://www.takeaweb.it |
| Simple File Upload | LFI | 300811 | developer advice page |
| Jumi | LFI | 300811 | Developer states proper use of joomla administration/extension documentation reading |
| Joomla content editor | JCE lfi/rfi vulnerability | JCE 2.0.11 and JCE 1.5.7.14 have been released | |
| Google Website Optimizer | Numerous vulnerabilities. Website Optimizer, Pearl Group | 290811 | developer update statement to ver. 1.4.0 |
| Almond Classifieds | 777 Folder settings (all folders it uses are set to 777 including previously 755 locked folders) | 260811 | developer resolution notice |
| joomtouch | LFI/RFI | 180811 | developers resolution notice 1.0.3 |
| RAXO All-mode PRO | Timthumb RFI | 110811 | developer upgrade 1.5.0 statement |
| V-portfolio | DT - open folders | 110811 | developer resolution statement |
| obSuggest | LFI | 310711 | developer release statement |
| Simple Page | LFI | 230711 | developer update statement v1.5.17 has been released |
| JE Story | LFI | 230711 | developer security update notice to ver 1.9 |
| appointment booking pro | LFI 22071 | developer update security announcement Current 2.0.1 and 1.4.x versions, are not vulnerable, | |
| acajoom | xss (admin permission required) | 220711 | updated to 5.20 |
| gTranslate | ID - | 220711 | developer security release 1.5 x.25 and 1.6 x.26. |
| alpharegistration | http://www.alphaplug.com/ Please contact the developer for any questions on this extension | 170711 220711 | |
| Jforce | DT - | 170711 | developer states The new version number v1.5r1362 resolves the problem |
| Flash Magazine Deluxe Joomla | ID multiple vulnerabilities | 170711 | developer release 2.1.4 |
| AVreloaded | SQLi - version 1.2.6 | 150711 | 1.2.7 released developer release statement 160711 |
| Sobi | SQLI - | 130711 | developer fix and update statement |
| fabrik | sqli | 120711 | Developers Update statement 2.1 |
| xmap | sqli 1.2.11 | 120711 | upgrade to 1.2.12 |
| Atomic Gallery | Creates 777 folders Atomic gallery | 110711 | developer release statement/changelog |
| myApi | ID Contains "Call-Home" function. Sends private user information to developer. | 020711 | Developer states Use version 1.3.4.1 |
| mdigg | SQL I (not listed in JED) | 020711 | |
| Calc Builder | sqli + ID | 180611 | dev security release 0.0.2 |
| Cool Debate | Cool Debate 1.03 LFI | version 1.0.8 released. | |
| Scriptegrator Plugin 1.5.5 | LFI | 140611 | Update - Core Design Scriptegrator plugin 2.0.9 & 1.5.6 |
| Joomnik Gallery | SQLi | developer update to 0.9.1 | |
| JMS fileseller | LFI | 0611 | developer upgrade announcement to v1.1 |
| sh404SEF | low-level XSS security issue | 300511 | Dev upgrade statement to 2.2.6 |
| JE Story submit | LFI/RFI | developer states Version 1.8 | |
| FCKeditor | File Upload Vulnerability | 230511 | |
| KeyCaptcha | ID | 190511 | |
| Ask A Question AddOn v1.1 | SQLi | 160511 | |
| Global Flash Gallery | flash-gallery.com xss | 130511 | dev release 0.5.0 statement |
| com_google | LFI com_google | 080511 | devs update to 1.5.1 |
| docman | com-docman Input Validation Error | 160511 | devs resolution statement, report for old version |
| Newsletter Subscriber | XSS | 120511 | Developer update |
| Akeeba | akeeba backup and joomlapack | 170411 | dev update to 3.2.7 |
| Facebook Graph Connect | SID. call home device with user credentials | 120411 | dev update notice |
| booklibrary | SQLi ordasoft booklibrary | 180311 | developer upgrade instructions |
| semantic | com semantic http://www.scms.es/joomla creates hidden admin users | 150311 | |
| JOMSOCIAL 2.0.x 2.1.x | SID, open folders | 120311 | |
| flexicontent | forced 777, malicious files | 250311 | devs resolve statement, Changelog |
| jLabs Google Analytics Counter | jLabs Google Analytics Counter SID | | |
| xcloner | Unspecified | 260211 | dev announcement of security release |
| smartformer | RFI | 230211 (repeat of 041110) | v2.4.1 security fix for Joomla 1.5.x |
| xmap 1.2.10 | Malicious payload in zip | 230211 | developer resolution notice Clean version available from joomlacode |
| Frontend-User-Access 3.4.1 | Frontend-User-Access 3.4.1 from http://www.pages-and-items.com LFI | 030211 | update to Frontend-User-Access 3.4.2 |
| com properties 7134 | http://com-property.com/ malicious files in script | Dev update statement | |
| B2 Portfolio | B2 portfolio 1.0 SQLi pulseextensions.com | 250111 | |
| allcinevid | SQLI http://extensions.joomla.org/extensions/multimedia/multimedia-players/video-players-a-gallery/15367 | 220111 | Developers resolution notice |
| People Component | People component http://www.ptt-solution.com/vmchk/people-component.html sqli | 150111 | |
| Jimtawl | Jimtawl LFI | 251110 | |
| Maian Media SILVER | Maian Media SQLi | 151110 | Developer states unproven in free edition, paid/SILVER version is being upgraded. dev article |
| alfurqan | alfurqan 1.5 sqli | 151110 | developer update statement |
| ccboard | ccboard XSS and SQLi | 131110 | on my site at [1] Please find the respective update information |
| ProDesk v 1.5 | LFI | 091110 | |
| sponsorwall | SQL injection pulseextensions.com | 011110 | developer resolution notice |
| Flip wall | SQL injection pulseextensions.com | 011110 | developer http://demo.pulseextensions.com/flip-wall.html update notice link title |
| Freestyle FAQ 1.5.6 | http://freestyle-joomla.com/fssdownloads/viewcategory/2 Freestyle FAQ 1.5.6 SQL Injection | new version (1.9.0) is available which fixes the security issues. | |
| iJoomla Magazine 3.0.1 | iJoomla Magazine 3.0.1 RFI | 090910 | |
| Clantools | http://www.joomla-clantools.de/downloads/doc_download/7-clantools-123.html clantool sqli | 090910 | |
| jphone | jphone LFI | 090910 | |
| PicSell | LFD, 777 | 020910 | new version released 150312 version number 11 |
| Zoom Portfolio | SID | 020910 | |
| zina | SQL Injection | 020910 | |
| Team's | Teams extension SQL Injection | 120810 | |
| Amblog | Amblog SQLi | 120810 | |
| wmtpic | www.webmaster-tips.net various | 010710 | |
| Jomtube | http://www.jomtube.com/ SID | 220710 | |
| Rapid Recipe | http://www.rapid-source.com Persistent XSS Vulnerability last known fix version 1.7.2 | july 10,2010 | |
| Health & Fitness Stats | http://joomla-extensions.instantiate.co.uk/jcomponents/healthstats Persistent XSS Vulnerability july 10,2010 | | |
| staticxt | http://extensions.joomla.org/extensions/edition/custom-code-in-content/2184 no version number provided | | |
| quickfaq | http://www.schlu.net sqli | 090710 | |
| Minify4Joomla | http://waltercedric.com/ LFI and xss | 090710 | No longer available to download |
| IXXO Cart | http://www.php-shop-system.com/ SQLi LFI XSS Vulnerability | developer resolution notice | |
| PaymentsPlus | http://paymentsplus.com.au/ 2.1.5 Blind SQL Injection Vulnerability | 090710 | current version 2.20, 2.1.5 not listed on dev site |
| ArtForms | http://joomlacode.org/gf/project/jartforms/ ArtForms 2.1b7.2 RC2 Multiple Remote Vulnerabilities | 090710 | Old beta extension |
| autartimonial | autartica.be Sqli Vulnerability | 060710 | |
| eventcal 1.6.4 | http://joomlacode.org/gf/project/eventcal/frs/ SQL I last update 2006-12-31 on joomlacode | 040710 | |
| date converter | http://sourceforge.net/projects/date-converter/ sqli | 010710 | |
| real estate | http://www.opensourcetechnologies.com/demos/real-estate.html RFI | 210610 | |
| cinema | SQL injection | 190610 | |
| Jreservation | http://jforjoomla.com/ SQLi Vulnerability | 190610 | |
| joomdocs | http://joomclan.com/index.php/JoomDocs/ xss vulnerability | 190610 | |
| Live Chat | http://www.joompolitan.com/livechat.html Multiple Remote Vulnerabilities | 190610 | |
| Turtushout 0.11 | http://www.turtus.org.ua/files?func=fileinfo&id=13 SQL Injection (again) | 190610 | |
| BF Survey Pro Free | BF Survey Pro Free SQL Injection Exploit | 190610 | Product marked as retired by the developer |
| MisterEstate | http://www.misterestate.com/ Blind SQL Injection Exploit | 190610 | |
| RSMonials | http://www.rswebsols.com/downloads/category/14-download-rsmonials-all?download=23%3Adownload-rsmonials-component XSS Exploit | 190610 | Believed to be 1.5.1 version |
| Answers v2.3beta | Multiple Vulnerabilities http://extensions.joomla.org/extensions/communication/forum/12652 | 180610 | |
| Gallery XML 1.1 | Multiple Vulnerabilities http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/12504 | 180610 | |
| JFaq 1.2 | JFaq 1.2 Multiple Vulnerabilities | 180610 | |
| Listbingo 1.3 | Multiple Vulnerabilities http://extensions.joomla.org/extensions/ads-a-affiliates/classified-ads/12062 | 180610 | |
| Alpha User Points | www.alphaplug.com LFI | 180610 | |
| recruitmentmanager | http://recruitment.focusdev.co.uk Upload Vulnerability | 130610 | |
| Info Line (MT_ILine) | http://extensions.joomla.org/extensions/news-display/news-tickers-a-scrollers/8425 reports of shell scripts in download file | 120610 | |
| Ads manager Annonce | http://joomla.clubnautiquemarine.fr/ Upload Vulnerability | 05/06/10 | |
| lead article | http://www.leadya.co.il/ SQLi | 050610 | |
| djartgallery | http://www.design-joomla.eu Multiple Vul | 05/06/10 | |
| Gallery 2 Bridge | g2bridge LFI vulnerability | | |
| jsjobs | jsjobs SQL Injection Vulnerability | | |
| JE Poll | http://slideshow.joomlaextensions.co.in/ SQL Injection Vulnerability | | |
| MediQnA | MediQnA LFI vulnerability version : v1.1 | | |
| JE Job | http://joomlaextensions.co.in/ LFI SQLi | | |
| SectionEx | Stack Ideas section Ex LFI | | |
| ActiveHelper LiveHelp | XSS in LiveHelp | 200510 | |
| JE Quotation Form | http://joomlaextensions.co.in/free-download/doc_download/11-je-quotation-form.html LFI | developers statement of resolution note, now known as JE Quote Form | |
| konsultasi | SQL Injection Vulnerability | | |
| Seber Cart | Local File Disclosure Vulnerability | Developer Update 140510 | |
| Camp26 Visitor | RFI www.camp26.biz | | |
| JE Property | JE Property Finder Upload Vulnerability | | |
| Noticeboard | Noticeboard for Joomla "controller" Local File Inclusion Vulnerability | | |
| SmartSite | SmartSite com_smartsite Local File Inclusion Vulnerability | | |
| htmlcoderhelper graphics | htmlcoderhelper graphics v1.0.6 LFI Vulnerability | | |
| Ultimate Portfolio | Ultimate Portfolio Local File Inclusion Vulnerability | | |
| Archery Scores | Archery Scores (com_archeryscores) v1.0.6 LFI Vulnerability | 210410 | |
| ZiMB Manager | Joomla Component ZiMB Manager Local File Inclusion Vulnerability | 210410 | |
| Matamko | Matamko Local File Inclusion Vulnerability | 210410 | |
| Multiple Root | Multiple Root Local File Inclusion Vulnerability http://joomlacomponent.inetlanka.com/ | | |
| Multiple Map | Multiple Map Local File Inclusion Vulnerability joomlacomponent.inetlanka.com | | |
| Contact Us Draw Root Map | Draw Root Map Local File Inclusion Vulnerability joomlacomponent.inetlanka.com | | |
| iF surfALERT | iF surfALERT Local File Inclusion Vulnerability | | |
| GBU FACEBOOK | GBU FACEBOOK SQL injection vulnerability http://www.gbugrafici.nl/gbufacebook/ | | |
| jnewspaper | jnewspaper (cid) SQL Injection Vulnerability | | |
| MT Fire Eagle | LFI http://joomlacode.org/gf/project/jfireeagle/frs/ http://www.moto-treks.com | 190410 | product considered retired and to be replaced by dev |
| Sweetykeeper | Sweetykeeper Local File Inclusion Vulnerability http://www.joomlacorner.com/ | 120410 | |
| jvehicles | SQL Injection http://jvehicles.com | 120410 | |
| worldrates | http://dev.pucit.edu.pk/ | 120410 | |
| cvmaker | http://dev.pucit.edu.pk/ | | |
| advertising | http://dev.pucit.edu.pk/ | | |
| horoscope | http://dev.pucit.edu.pk/ | 120410 | |
| webtv | http://dev.pucit.edu.pk/ | 120410 | |
| diary | http://dev.pucit.edu.pk/ | 120410 | |
| Memory Book | http://dev.pucit.edu.pk/ | 120410 | |
| JprojectMan | LFI http://extensions.joomla.org/extensions/communities-a-groupware/project-a-task-management/5676 | 110410 | |
| econtentsite | LFI | 040410 | |
| Jvehicles | ID | 040410 | |
| gigcalender | SQLi gigcalender | 13 march 2010 | |
| heza content | SQLi heza content | 13 march 2010 | |
| SqlReport | Sqlreport has a sql/RFI exploit. awaiting confirmation on exact developer. | Feb 20 | Not Known |
| Yelp | SQLi - Unable to locate developer. Possibly a custom extension. | Feb 01 | Not Known |
This list is change protected, for updates or additions Mandville or lafrance or PhilD
Codes used
SQLi - SQL injection wikipedia
LFI - Local File Inclusion scribd
RFI - Remote file inclusion wikipedia
DT - Directory Traversal wikipedia (incl 777 folders)
ID - Information Disclosure: account information or sensitive information publicly viewable, or passed to 3rd party without knowledge
Future Actions & WIP
RSS feed completed
to feed VEL direct to twitter
Notes
The RSS feed is currently fed by item entry order and not by date fixed. List as discussed in jtopic:455746 by PhilD editing by Mandville