Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by jDownloads
CVE-2022-27909 (GCVE-0-2022-27909)
Vulnerability from cvelistv5 – Published: 2022-05-06 17:55 – Updated: 2026-02-25 05:06
VLAI?
Title
Extension - Incorrect Access Control within jdownloads extension
Summary
In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can change some parameters in the address bar and see the names of other users' files
Severity ?
No CVSS data available.
CWE
- Incorrect Access Control
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| jDownloads | jDownloads |
Affected:
<=3.9.8.2
|
Date Public ?
2022-05-06 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:41:10.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jdownloads.com/index.php/downloads/download/57-jdownloads-3-9.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerhood.redhotcyber.com/cve-2022-27909-jdownloads/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jDownloads",
"vendor": "jDownloads",
"versions": [
{
"status": "affected",
"version": "\u003c=3.9.8.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Massimo Chiriv - HackerHood Team Research"
}
],
"datePublic": "2022-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Joomla component \u0027jDownloads 3.9.8.2 Stable\u0027 the remote user can change some parameters in the address bar and see the names of other users\u0027 files"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T05:06:05.403Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://www.jdownloads.com/index.php/downloads/download/57-jdownloads-3-9.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerhood.redhotcyber.com/cve-2022-27909-jdownloads/"
}
],
"title": "Extension - Incorrect Access Control within jdownloads extension",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2022-05-06T18:00:00",
"ID": "CVE-2022-27909",
"STATE": "PUBLIC",
"TITLE": "Extension - Incorrect Access Control within jdownloads extension"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jDownloads",
"version": {
"version_data": [
{
"version_value": "\u003c=3.9.8.2"
}
]
}
}
]
},
"vendor_name": "jDownloads"
}
]
}
},
"credit": "Massimo Chiriv - HackerHood Team Research",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Joomla component \u0027jDownloads 3.9.8.2 Stable\u0027 the remote user can change some parameters in the address bar and see the names of other users\u0027 files"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jdownloads.com/index.php/downloads/download/57-jdownloads-3-9.html",
"refsource": "MISC",
"url": "https://www.jdownloads.com/index.php/downloads/download/57-jdownloads-3-9.html"
},
{
"name": "https://hackerhood.redhotcyber.com/cve-2022-27909-jdownloads/",
"refsource": "MISC",
"url": "https://hackerhood.redhotcyber.com/cve-2022-27909-jdownloads/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2022-27909",
"datePublished": "2022-05-06T17:55:12.660Z",
"dateReserved": "2022-03-25T00:00:00.000Z",
"dateUpdated": "2026-02-25T05:06:05.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-19455 (GCVE-0-2020-19455)
Vulnerability from cvelistv5 – Published: 2020-09-25 15:17 – Updated: 2024-08-04 14:08
VLAI?
Summary
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T15:17:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09868"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-19455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09868",
"refsource": "MISC",
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09868"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-19455",
"datePublished": "2020-09-25T15:17:19.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:08:30.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-19451 (GCVE-0-2020-19451)
Vulnerability from cvelistv5 – Published: 2020-09-25 14:26 – Updated: 2024-08-04 14:08
VLAI?
Summary
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09871"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T14:26:42.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09871"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-19451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09871",
"refsource": "MISC",
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09871"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-19451",
"datePublished": "2020-09-25T14:26:42.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:08:30.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-19450 (GCVE-0-2020-19450)
Vulnerability from cvelistv5 – Published: 2020-09-25 14:16 – Updated: 2024-08-04 14:08
VLAI?
Summary
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T19:07:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-19450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09869",
"refsource": "MISC",
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-19450",
"datePublished": "2020-09-25T14:16:38.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:08:30.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-19447 (GCVE-0-2020-19447)
Vulnerability from cvelistv5 – Published: 2020-09-24 18:02 – Updated: 2024-08-04 14:08
VLAI?
Summary
SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09870"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-24T18:02:34.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09870"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-19447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09870",
"refsource": "MISC",
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09870"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-19447",
"datePublished": "2020-09-24T18:02:34.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:08:30.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10068 (GCVE-0-2018-10068)
Vulnerability from cvelistv5 – Published: 2018-04-12 18:00 – Updated: 2024-08-05 07:32
VLAI?
Summary
The jDownloads extension before 3.2.59 for Joomla! has XSS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2018-04-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:01.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.jdownloads.com/index.php/news/264-jdownloads-3-2-59-published.html"
},
{
"name": "44471",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44471/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vel.joomla.org/resolved/2150-jdownloads-3-2-58-xss-cross-site-scripting"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The jDownloads extension before 3.2.59 for Joomla! has XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-19T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.jdownloads.com/index.php/news/264-jdownloads-3-2-59-published.html"
},
{
"name": "44471",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44471/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vel.joomla.org/resolved/2150-jdownloads-3-2-58-xss-cross-site-scripting"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The jDownloads extension before 3.2.59 for Joomla! has XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.jdownloads.com/index.php/news/264-jdownloads-3-2-59-published.html",
"refsource": "MISC",
"url": "http://www.jdownloads.com/index.php/news/264-jdownloads-3-2-59-published.html"
},
{
"name": "44471",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44471/"
},
{
"name": "https://vel.joomla.org/resolved/2150-jdownloads-3-2-58-xss-cross-site-scripting",
"refsource": "MISC",
"url": "https://vel.joomla.org/resolved/2150-jdownloads-3-2-58-xss-cross-site-scripting"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10068",
"datePublished": "2018-04-12T18:00:00.000Z",
"dateReserved": "2018-04-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:32:01.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}