Fl0Rix

**Name of the Vulnerable Software and Affected Versions** Joomla! com slideshow component (affected versions not specified) **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `catid` parameter in the `index.php` API endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! Club Manager (com clubmanager) component (affected versions not specified) **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `cm id` parameter in an equip presenta action to the "index.php" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! com ccinvoices component (affected versions not specified) **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `id` parameter in a `viewInv` action to `index.php`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pulse Infotech Flip Wall (com flipwall) component version 1.1 for Joomla! **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `catid` parameter in the "index.php" endpoint. **Recommendations** For Pulse Infotech Flip Wall (com flipwall) component version 1.1, consider restricting access to the `catid` parameter in the "index.php" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com bfsurvey (affected versions not specified) **Description** A directory traversal issue exists in the BF Survey component for Joomla!, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `controller` parameter to "index.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! com jembed component (affected versions not specified) **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `catid` parameter in a summary action to the "index.php" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! TPJobs (com tpjobs) component (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id c[]` parameter in a `resadvsearch` action to "index.php". **Recommendations** For the affected version, consider restricting access to the `resadvsearch` action in "index.php" to minimize the risk of exploitation. Avoid using the `id c[]` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com abbrev version 1.1 **Description** A directory traversal issue in the Abbreviations Manager component allows remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `controller` parameter to `index.php`. **Recommendations** For version 1.1 of the com abbrev component, consider disabling the vulnerable component until a patch is available. Restrict access to the `index.php` endpoint to minimize the risk of exploitation. Avoid using the `controller` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** com if nexus version 1.5 **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `controller` parameter to "index.php". This is a directory traversal vulnerability in the inertialFATE iF Portfolio Nexus component for Joomla!. **Recommendations** For version 1.5, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation. Avoid using the `controller` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** com hotbrackets (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in the `/index.php` API endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! (affected versions not specified) **Description** A directory traversal issue exists in the JCollection component for Joomla!, allowing remote attackers to read arbitrary files. This is achieved by including a .. (dot dot) in the `controller` parameter to "index.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PerchaGallery (com perchagallery) component versions prior to 1.5b for Joomla! **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in an `editunidad` action to `index.php`. **Recommendations** For versions prior to 1.5b, update to version 1.5b or later to resolve the issue. As a temporary workaround, consider restricting access to the `index.php` endpoint for the `editunidad` action until the update is applied. Avoid using the `id` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Joomla! com libros (affected versions not specified) **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in a detail action to "index.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! (affected versions not specified) **Description** A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `artid` parameter in a display action to the "index.php" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! BeeHeard component versions 1.x **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `category id` parameter in a suggestions action to the "index.php" endpoint. **Recommendations** For Joomla! BeeHeard component version 1.x, consider restricting access to the vulnerable `category id` parameter in the suggestions action to minimize the risk of exploitation. Avoid using the `category id` parameter in the affected endpoint until the issue is resolved.