Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Joomla! Project — Vulnerabilities & Security Advisories 82

Browse all 82 CVE security advisories affecting Joomla! Project. AI-powered Chinese analysis, POCs, and references for each vulnerability.

The Joomla! Project develops an open-source content management system widely used for building websites and online applications. Historically, its codebase has been associated with numerous security flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from insufficient input validation and improper access controls within extensions or core components. With eighty-two recorded CVEs, the project demonstrates a pattern of recurring weaknesses that require diligent patching. While the core framework itself has seen improvements, the extensive ecosystem of third-party extensions frequently introduces additional attack surfaces. Major incidents have highlighted the critical importance of timely updates and secure configuration practices. Administrators must prioritize vulnerability management to mitigate risks, as the platform’s popularity makes it a frequent target for automated exploitation attempts seeking to compromise underlying server infrastructure.

Top products by Joomla! Project: Joomla! CMS Joomla! Framework
CVE IDTitleCVSSSeverityPublished
CVE-2024-21722 [20240201] - Core - Insufficient session expiration in MFA management views — Joomla! CMSCWE-613 4.3 -2024-02-20
CVE-2024-21726 [20240205] - Core - Inadequate content filtering within the filter code — Joomla! CMSCWE-79 6.1 -2024-02-20
CVE-2023-40626 [20231101] - Core - Exposure of environment variables — Joomla! CMS 4.0 -2023-11-29
CVE-2023-23754 [20230501] - Core - Open Redirect and XSS within the mfa select — Joomla! CMS 6.1 -2023-05-30
CVE-2023-23755 [20230502] - Core - Bruteforce prevention within the mfa screen — Joomla! CMS 7.5 -2023-05-30
CVE-2023-23752 [20230201] - Core - Improper access check in webservice endpoints — Joomla! CMS 9.1 -2023-02-16
CVE-2023-23751 [20230102] - Core - Missing ACL checks for com_actionlogs — Joomla! CMS 4.3 -2023-02-01
CVE-2023-23750 [20230101] - Core - CSRF within post-installation messages — Joomla! CMS 8.8 -2023-02-01
CVE-2022-27914 [20221101] - Core - RXSS through reflection of user input in com_media — Joomla! CMS 6.1 -2022-11-08
CVE-2022-27913 [20221002] - Core - RXSS through reflection of user input in headings — Joomla! CMS 6.1 -2022-10-25
CVE-2022-27912 [20221001] - Core - Debug Mode leaks full request payloads including passwords — Joomla! CMS 5.3 -2022-10-25
CVE-2022-27911 [20220801] - Core - Multiple Full Path Disclosures because of missing '_JEXEC or die check' — Joomla! CMS 5.3 -2022-08-31
CVE-2022-23801 [20220309] - Core - XSS attack vector through SVG — Joomla! CMS 6.1 -2022-03-30
CVE-2022-23800 [20220308] - Core - Inadequate content filtering within the filter code — Joomla! CMS 6.1 -2022-03-30
CVE-2022-23799 [20220307] - Core - Variable Tampering on JInput $_REQUEST data — Joomla! CMS 9.8 -2022-03-30
CVE-2022-23798 [20220306] - Core - Inadequate validation of internal URLs — Joomla! CMS 6.1 -2022-03-30
CVE-2022-23797 [20220305] - Core - Inadequate filtering on the selected Ids — Joomla! CMS 9.8 -2022-03-30
CVE-2022-23796 [20220304] - Core - Missing input validation within com_fields class inputs — Joomla! CMS 6.1 -2022-03-30
CVE-2022-23795 [20220303] - Core - User row are not bound to a authentication mechanism — Joomla! CMS 9.8 -2022-03-30
CVE-2022-23794 [20220302] - Core - Path Disclosure within filesystem error messages — Joomla! CMS 5.3 -2022-03-30
CVE-2022-23793 [20220301] - Core - Zip Slip within the Tar extractor — Joomla! CMS 6.5 -2022-03-30
CVE-2021-26040 [20210801] - Core - Insufficient access control for com_media deletion endpoint — Joomla! CMS 9.1 -2021-08-24
CVE-2021-26039 [20210705] - Core - XSS in com_media imagelist — Joomla! CMS 6.1 -2021-07-07
CVE-2021-26038 [20210704] - Core - Privilege escalation through com_installer — Joomla! CMS 7.5 -2021-07-07
CVE-2021-26037 [20210703] - Core - Lack of enforced session termination — Joomla! CMS 8.2 -2021-07-07
CVE-2021-26036 [20210702] - Core - DoS through usergroup table manipulation — Joomla! CMS 5.3 -2021-07-07
CVE-2021-26035 [20210701] - Core - XSS in JForm Rules field — Joomla! CMS 6.1 -2021-07-07
CVE-2021-26034 [20210503] - Core - CSRF in data download endpoints — Joomla! CMS 8.1 -2021-05-26
CVE-2021-26033 [20210502] - Core - CSRF in AJAX reordering endpoint — Joomla! CMS 8.8 -2021-05-26
CVE-2021-26032 [20210501] - Core - Adding HTML to the executable block list of MediaHelper::canUpload — Joomla! CMS 6.1 -2021-05-26

This page lists every published CVE security advisory associated with Joomla! Project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.