Search criteria
6 vulnerabilities by jDownloads
CVE-2022-27909 (GCVE-0-2022-27909)
Vulnerability from cvelistv5 – Published: 2022-05-06 17:55 – Updated: 2026-02-25 05:06
VLAI
Title
Extension - Incorrect Access Control within jdownloads extension
Summary
In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can change some parameters in the address bar and see the names of other users' files
Severity
No CVSS data available.
CWE
- Incorrect Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.jdownloads.com/index.php/downloads/do… | x_refsource_MISCvendor-advisory |
| https://hackerhood.redhotcyber.com/cve-2022-27909… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| jDownloads | jDownloads |
Affected:
<=3.9.8.2
|
Date Public
2022-05-06 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:41:10.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jdownloads.com/index.php/downloads/download/57-jdownloads-3-9.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerhood.redhotcyber.com/cve-2022-27909-jdownloads/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jDownloads",
"vendor": "jDownloads",
"versions": [
{
"status": "affected",
"version": "\u003c=3.9.8.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Massimo Chiriv - HackerHood Team Research"
}
],
"datePublic": "2022-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Joomla component \u0027jDownloads 3.9.8.2 Stable\u0027 the remote user can change some parameters in the address bar and see the names of other users\u0027 files"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Access Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T05:06:05.403Z",
"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"shortName": "Joomla"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"vendor-advisory"
],
"url": "https://www.jdownloads.com/index.php/downloads/download/57-jdownloads-3-9.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerhood.redhotcyber.com/cve-2022-27909-jdownloads/"
}
],
"title": "Extension - Incorrect Access Control within jdownloads extension",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@joomla.org",
"DATE_PUBLIC": "2022-05-06T18:00:00",
"ID": "CVE-2022-27909",
"STATE": "PUBLIC",
"TITLE": "Extension - Incorrect Access Control within jdownloads extension"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jDownloads",
"version": {
"version_data": [
{
"version_value": "\u003c=3.9.8.2"
}
]
}
}
]
},
"vendor_name": "jDownloads"
}
]
}
},
"credit": "Massimo Chiriv - HackerHood Team Research",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Joomla component \u0027jDownloads 3.9.8.2 Stable\u0027 the remote user can change some parameters in the address bar and see the names of other users\u0027 files"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jdownloads.com/index.php/downloads/download/57-jdownloads-3-9.html",
"refsource": "MISC",
"url": "https://www.jdownloads.com/index.php/downloads/download/57-jdownloads-3-9.html"
},
{
"name": "https://hackerhood.redhotcyber.com/cve-2022-27909-jdownloads/",
"refsource": "MISC",
"url": "https://hackerhood.redhotcyber.com/cve-2022-27909-jdownloads/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586",
"assignerShortName": "Joomla",
"cveId": "CVE-2022-27909",
"datePublished": "2022-05-06T17:55:12.660Z",
"dateReserved": "2022-03-25T00:00:00.000Z",
"dateUpdated": "2026-02-25T05:06:05.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-19455 (GCVE-0-2020-19455)
Vulnerability from cvelistv5 – Published: 2020-09-25 15:17 – Updated: 2024-08-04 14:08
VLAI
Summary
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.cnvd.org.cn/flaw/show/CNVD-2019-09868 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T15:17:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09868"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-19455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09868",
"refsource": "MISC",
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09868"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-19455",
"datePublished": "2020-09-25T15:17:19.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:08:30.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-19451 (GCVE-0-2020-19451)
Vulnerability from cvelistv5 – Published: 2020-09-25 14:26 – Updated: 2024-08-04 14:08
VLAI
Summary
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.cnvd.org.cn/flaw/show/CNVD-2019-09871 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09871"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T14:26:42.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09871"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-19451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09871",
"refsource": "MISC",
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09871"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-19451",
"datePublished": "2020-09-25T14:26:42.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:08:30.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-19450 (GCVE-0-2020-19450)
Vulnerability from cvelistv5 – Published: 2020-09-25 14:16 – Updated: 2024-08-04 14:08
VLAI
Summary
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.cnvd.org.cn/flaw/show/CNVD-2019-09869 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-25T19:07:35.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-19450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09869",
"refsource": "MISC",
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-19450",
"datePublished": "2020-09-25T14:16:38.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:08:30.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-19447 (GCVE-0-2020-19447)
Vulnerability from cvelistv5 – Published: 2020-09-24 18:02 – Updated: 2024-08-04 14:08
VLAI
Summary
SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.cnvd.org.cn/flaw/show/CNVD-2019-09870 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:08:30.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09870"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-24T18:02:34.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09870"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-19447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09870",
"refsource": "MISC",
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-09870"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-19447",
"datePublished": "2020-09-24T18:02:34.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T14:08:30.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10068 (GCVE-0-2018-10068)
Vulnerability from cvelistv5 – Published: 2018-04-12 18:00 – Updated: 2024-08-05 07:32
VLAI
Summary
The jDownloads extension before 3.2.59 for Joomla! has XSS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.jdownloads.com/index.php/news/264-jdow… | x_refsource_MISC |
| https://www.exploit-db.com/exploits/44471/ | exploitx_refsource_EXPLOIT-DB |
| https://vel.joomla.org/resolved/2150-jdownloads-3… | x_refsource_MISC |
Date Public
2018-04-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:32:01.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.jdownloads.com/index.php/news/264-jdownloads-3-2-59-published.html"
},
{
"name": "44471",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44471/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vel.joomla.org/resolved/2150-jdownloads-3-2-58-xss-cross-site-scripting"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The jDownloads extension before 3.2.59 for Joomla! has XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-19T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.jdownloads.com/index.php/news/264-jdownloads-3-2-59-published.html"
},
{
"name": "44471",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44471/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vel.joomla.org/resolved/2150-jdownloads-3-2-58-xss-cross-site-scripting"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The jDownloads extension before 3.2.59 for Joomla! has XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.jdownloads.com/index.php/news/264-jdownloads-3-2-59-published.html",
"refsource": "MISC",
"url": "http://www.jdownloads.com/index.php/news/264-jdownloads-3-2-59-published.html"
},
{
"name": "44471",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44471/"
},
{
"name": "https://vel.joomla.org/resolved/2150-jdownloads-3-2-58-xss-cross-site-scripting",
"refsource": "MISC",
"url": "https://vel.joomla.org/resolved/2150-jdownloads-3-2-58-xss-cross-site-scripting"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10068",
"datePublished": "2018-04-12T18:00:00.000Z",
"dateReserved": "2018-04-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:32:01.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}