harmistechnology 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection、パス処理の欠陥, and vendor risk cross-site scripting があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact data exposure、ファイル上書き, and vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2019-9922 | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files. | [email protected] | 7.5 | 10.59% | 2019-03-29 | 2024-11-21 |
| CVE-2019-9921 | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user. | [email protected] | 6.5 | 1.13% | 2019-03-29 | 2024-11-21 |
| CVE-2019-9920 | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user. | [email protected] | 8.8 | 1.34% | 2019-03-29 | 2024-11-21 |
| CVE-2019-9919 | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS. | [email protected] | 5.4 | 0.68% | 2019-03-29 | 2024-11-21 |
| CVE-2019-9918 | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database. | [email protected] | 9.1 | 1.28% | 2019-03-29 | 2024-11-21 |
| CVE-2018-12254 | router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI. | [email protected] | 8.8 | 2.62% | 2018-06-12 | 2024-11-21 |
| CVE-2018-7315 | SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter. | [email protected] | 9.8 | 2.80% | 2018-02-22 | 2024-11-21 |
| CVE-2012-5230 | Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors. | [email protected] | 7.5 | 1.31% | 2012-10-01 | 2026-04-29 |
| CVE-2010-5028 | SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. | [email protected] | 7.5 | 9.25% | 2011-11-02 | 2026-04-29 |
| CVE-2010-5022 | SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. | [email protected] | 7.5 | 0.93% | 2011-11-02 | 2026-04-29 |
| CVE-2010-4865 | SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php. | [email protected] | 7.5 | 1.62% | 2011-10-05 | 2026-04-29 |
| CVE-2010-4862 | SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. | [email protected] | 7.5 | 1.05% | 2011-10-05 | 2026-04-29 |
| CVE-2010-4720 | SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the view item page. | [email protected] | 7.5 | 1.72% | 2011-02-01 | 2026-04-29 |
| CVE-2010-4517 | SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php. | [email protected] | 6.8 | 0.83% | 2010-12-09 | 2026-04-29 |
| CVE-2010-4365 | SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php. | [email protected] | 7.5 | 1.00% | 2010-12-01 | 2026-04-29 |
| CVE-2010-2680 | Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php. | [email protected] | 6.8 | 4.85% | 2010-07-12 | 2026-04-29 |
| CVE-2010-2613 | Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php. | [email protected] | 4.3 | 1.44% | 2010-07-02 | 2026-04-29 |
| CVE-2010-2513 | SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. | [email protected] | 7.5 | 0.97% | 2010-06-28 | 2026-04-29 |
| CVE-2010-2129 | Directory traversal vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.1 and 1.0.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOTE: some of these details are obtained from third party information. | [email protected] | 6.8 | 5.00% | 2010-06-01 | 2026-04-29 |
| CVE-2010-2128 | Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. | [email protected] | 7.5 | 15.82% | 2010-06-01 | 2026-04-29 |