Altbta

**Name of the Vulnerable Software and Affected Versions** Joomla! component com jeajaxeventcalendar (affected versions not specified) **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `event id` parameter in an `alleventlist more` action to `index.php`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com jequoteform version 1.0b1 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files and possibly have other unspecified impacts. This is achieved by using a .. (dot dot) in the `view` parameter to the "index.php" endpoint. **Recommendations** For version 1.0b1, as a temporary workaround, consider restricting access to the "index.php" endpoint until a patch is available. Avoid using the `view` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CKForms (com ckforms) version 1.3.3 for Joomla! **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `fid` parameter in a detail action to "index.php". This can potentially lead to unauthorized access and manipulation of database content. **Recommendations** For CKForms (com ckforms) version 1.3.3, avoid using the `fid` parameter in the detail action to "index.php" until a patch is available. As a temporary workaround, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CKForms (com ckforms) version 1.3.3 for Joomla! **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability. This is achieved by using a .. (dot dot) in the `controller` parameter to the "index.php" endpoint. **Recommendations** For CKForms (com ckforms) version 1.3.3, consider restricting access to the "index.php" endpoint until a patch is available. As a temporary workaround, avoid using the `controller` parameter in the "index.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! com photoblog component (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the "blog" parameter in an "images" action to "index.php". A separate vector may also exist for the `id` parameter to "detail.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.