Joomla com_sectionex v2.5.96 SQL Injection vulnerabilities

- Affected versions: version 2.5.96 is vulnerable. Other versions might be affected as well. - Author: Matias Fontanini == Vulnerabilities == When using the "category" view, the component does not correctly sanitize the "filter_order" and "filter_order_Dir" p

PHPFox v3.6.0 (build3) Multiple SQL Injection vulnerabilities

vulnerable. Other versions might be affected as well. - Vulnerability discovered by: Matias Fontanini == Vulnerabilities == When performing POST requests to /user/browse/view_/, the "search[gender]" and "search[sort_by]" parameters are not correctly sanitized before being used to c

Joomla! redSHOP component v1.2 SQL Injection

: version 1.2 is vulnerable. Other versions might be affected as well. - Vulnerability discovered by: Matias Fontanini == Vulnerability == When using the "addtocompare" task, the component does not correctly sanitize the "pid" parameter before using it to construct SQL queries, mak

Joomla! VirtueMart component <= 2.0.22a - SQL Injection

and 2.0.22a are vulnerable. - Vulnerability discovered by: Matias Fontanini == Vulnerability == The vulnerability is located in the "user" controller, "removeAddressST" task. The "virtuemart_userinfo_id" parameter is not properly sanitized before being used in the "D

Joomla! JomSocial component < 3.1.0.1 - Remote code execution

.6 and < 3.1.0.1 are vulnerable. - Vulnerability discovered by: Matias Fontanini and Gaston Traberg == Vulnerability == The vulnerability is located in the "photos" controller, "ajaxUploadAvatar" task. The parameters parsed by the "Azrul" plugin are not properly sanit