Web Hosting

Reseller Hosting

VPS Hosting

Dedicated Servers

Domain Names

Help Desk

Web Hosting Tutorials

Contact Us

Client Area

Site Search

Email Tutorial and Setup

WHM Reseller Tutorials

Plesk ASP.NET Tutorials

Plesk 9 Tutorials

Plesk 9 Reseller Tutorials

Windows Plesk Reseller

Windows 2003 Server Tips

Photo Gallery Hosting

Adobe Photoshop Trix

Photoshop CS3 Tutorials

Fireworks CS3 Tips

PHP and MySQL

Fantastico Scripts

Dreamweaver HTML Editor

Free Website Builders

Website Security/Upgrades

Mixed Web News

Search Engine Optimization

Your PC Security

Customer Testimonials

Site Map

Network Speed Test

AUSWEB Blog

Order your hosting or
a dedicated server below

Joomla 3rd Party Extensions Security Vulnerabilities

A vulnerable extension is one that has been found to contain, or contribute to, a security vulnerability.

Vulnerable extensions are not necessarily poorly-coded extensions. As the Web evolves, technical requirements and commonly accepted coding practices also change. Active projects release new versions of their extensions as requirements change. For this reason, it is important to:

Know the version numbers of all installed extensions.
Use only the latest stable version of all extensions.
Completely remove all files of insecure or unused extensions.

To view our Joomla demo site with a custom template installed, please click on the thumbnail to the right. The site also includes other customizations made by our development team including Simple Image Gallery, which is a great way to show off images and create photo galleries withing page content.

This is a list of 3rd party Joomla extensions (components, modules, mambots and plugins) with known vulnerabilities that will allow hackers access to your site. If you are using any of the following compnents please upgrade or remove the component as listed under fix. It is also very important to make sure you are using the latest version of Joomla, currently 1.0.13, as earlier versions have several High Level vulnerabilities. These vulnerabilities dont just effects your website it effects other clients and the entire server as a whole. The current list can be viewed in the Joomla FAQ Section

Name	Versions	Solution	References	Updated
A6MamboCredits com_a6mambocredits	All	Abandoned. Remove completely or use at your own risk.	Secunia Advisory Forum Topic	2006
A6MamboHelpDesk com_a6mambohelpdesk	All	Abandoned. Remove completely or use at your own risk.	Forum Topic Secunia Advisory Secunia Advisory	2006
Advanced Poll com_advancedpoll (?)	<= 2.2.0	Abandoned. Remove completely or use at your own risk.	Forum Topic	2006
Adobe Acrobat Reader (Not a Joomla! extension, but worth noting.)	<= 7.0.8	Upgrade to latest stable version.	Adobe Advisory	2006
Akocomment	All	SQL Injection with PHP magic_quotes OFF. No upgrade path yet. Fix: Turn PHP magic_quotes ON	Forum Topic	June 30, 2006
Article	<= 1.1	Upgrade to latest stable version.	milwOrm Advisory FrSIRT Advisory Forum Topic	26 June 2007
ArtLinks com_artlinks	All	Abandoned. Remove completely or use at your own risk.	Forum Topic	2006
AutoStand	<= 1.1	No further information at this time.	milwOrm Advisory FrSIRT Advisory Forum Topic	26 June 2007
Bayesian Naive Filter com_bayesiannaivefilter	<= 1.1	No Fix Available. Disable or remove until a fix is available.	Forum Topic	2006
BigApe Backup com_babackup	All	A patch is available from the developer. See this post.	Secunia Advisory Forum Topic	2006
BSQ Site Stats com_bsqsitestats	<= 2.2.1	Upgrade to latest stable version.	Forum Topic Secunia Advisory	2006
Car Manager	<= 1.1	No further information at this time.	Forum Topic	26 June 2007
Classifieds com_classifieds	<= 1.3	Upgrade to latest stable version.	Forum Topic	2006
Colophon com_colophon	<= 1.2	Upgrade to latest stable version.	Secunia Advisory Forum Topic	2006
Community Builder com_profiler	<= 1.0.0	Upgrade to latest stable version. See here for a fix for register_globals = off	Jomopolis Topic Forum Topic Forum Topic	2006
Events com_events	<= 1.3 Beta	Upgrade to latest stable version.	Forum Topic	2006
Expose Flash Gallery	RC4	Download patch	Forum Topic	20 July 2007
ExtCalendar com_extcalendar	<= 0.9.1	Upgrade to version 0.9.2. See this post for details. Also check the new forked project, JCal.	Secunia Advisory Forum Topic Forum Topic Forum Topic	2006
Facile Forms com_facileforms	<= 1.4.6	Upgrade to latest stable version.	Forum Topic	2006
Galleria com_galleria	All	Abandoned. Remove completely or use at your own risk.	NVD Advisory Forum Topic	2006
Gmaps com_gmaps	<=1.01	Upgrade to the latest version, which can be downloaded here	Security Focus Advisory	6 August 2007
Hash Cash com_hashcash	All	Abandoned. Remove completely or use at your own risk.	Secunia Advisory	2006
Hot Property com_hotproperties (?)	<= 0.97	Upgrade to latest stable version.	No references available at this time.	2006
JCE com_jce	<= 1.0.4	Apply patch, download it here, or use latest stable version.	Secunia Advisory Cellardoor Secunia Advisory	2006
JoomlaPack com_jpack	1.0.4a2 RE	Upgrade to latest stable version.	MilwOrm Advisory FrSIRT Advisory	2006
JoomlaBoard com_joomlaboard	<= 1.1.1	Upgrade to latest stable version. RG_EMULATION Fix	Secunia Advisory Forum Topic Forum Topic	2006
JoomlaLib com_joomlalib	<= 1.2.1	Upgrade to latest stable version.	Forum Topic	2006
JD-WordPress com_jd-wp	<= 2.0-1.0 RC2	Patch Available. See this post.	Forum Topic	2006
JD-Wiki com_jd-wiki	All	Abandoned project. Upgrade to nuWiki	Forum Topic Forum Topic	6 July 2007
JIM 1.0.1. (PMS) com_jim	1.0.1	Upgrade to latest stable version. The developer fixed security issues but didn't create a higher version number.	Secunia Advisory	2006
jPack com_jpack	< 1.0.4-b1	Upgrade to latest stable version.	Forum Topic	26 June 2007
Link Directory com_linkdirectory	All	Remove. Abandoned project.	No references.	2006
Letterman mod_letterman	<= 1.2.4	Upgrade to latest stable version.	Forum Topic	May 2007
LMO com_lmo	<= 1.0b2	Upgrade to latest stable version.	FrSIRT Advisory Forum Topic	2006
LoudMouth com_loudmouth	<= 4.0j	Upgrade to version 4.1 then apply Security Patch 1. Download here.	Forum Topic MamboExchange Advisory	2006
MamCom (?) com_trade	All	Abandoned. Remove completely or use at your own risk.	Unconfirmed	2006
MambelFish 1.x com_mambelfish	<= 1.x	Upgrade to 1.5 (or to Joom!Fish) Download Mambelfish Download Joom!Fish	Secunia Advisory	2006
Mambo Gallery Manager com_mgm	All	Abandoned. Remove completely or use at your own risk.	Forum Topic FrSIRT Advisory	2006
MiniBB com_minibb	<= 1.5a	Abandoned. Remove completely or use at your own risk.	Security Reason Advisory Forum Topic Security Reason	2006
Mos Tree com_mtree	<= 1.5.8	Upgrade to latest stable version.	Forum Topic	2006
MosMedia com_mosmedia	<= 1.0.8	Temporary Fix Available. See this thread for details.	Forum Topic	2006
MoSpray com_mospray	<= 1.8 RC1	Abandoned. Remove completely or use at your own risk.	Forum Topic	2006
Multibanners com_multibanners * Note: Not the same as the Multibanners Module.	All	Abandoned. Remove completely or use at your own risk.	Secunia Advisory Forum Topic	2006
OpenSEF com_sef	<= 2.0.0 RC5 Unpatched	Download patch	Forum Topic	2006
PC Cook Book com_pccookbook	<= 1.3.1	No Fix Available. Disable or remove.	FrSIRT Advisory Forum Topic	2006
Per Forms com_performs	<= v1_beta	Upgrade to latest stable version.	Secunia Advisory Forum Topic Forum Topic	2006
Phil-A-Form	< 1.2	Upgrade to latest version.	Forum Topic	May 2007
People Book com_peoplebook	<= 1.1.5	Upgrade to latest stable version.	Joomla Forge	2006
Prince Clan Chess com_pcchess	<= 0.8	Author suggest manually patching.	See this site.	2006
PollXT com_pollxt	<= 1.22.07	Upgrade to latest stable version.	Secunia Advisory Forum Topic Secunia Advisory	2006
RS Gallery2 com_rsgallery2	<= 1.11.3	Upgrade to latest stable version.	Forum Topic	06
RWCards	< 2.4.4	Upgrade to latest stable version.	Forum Topic	26 June 2007
SEF404x com_sef	All	No Fix Available. Remove completely or use at your own risk.	No references.	2006
sh404SEF>	1.2.4 t, u, or w	Patch or update.	Forum Topic	23 Oct, 2007
SMF Bridge com_smf	<= 1.1.4	Versions other than 1.1RC2. Fix Available. See this thread. Version 1.1RC2 only. Upgrade available. See this thread.	Secunia Advisory Simple Machines Advisory Forum Topic Forum Topic Forum Topic Forum Topic Secunia Advisory	2006
Site Map com_sitemap	All	Abandoned. Remove completely or use at your own risk.	Secunia Advisory Forum Topic Secunia Advisory	2006
SimpleBoard com_simpleboard	All	Upgrade to latest JoomlaBoard. JoomlaBoard is compatible with SimpleBoard. Download here.	Secunia Advisory Secunia Advisory Forum Topic Secunia Advisory	2006
Security Images com_securityimages	<= 3.0.5	Upgrade to latest stable version.	Secunia Advisory Forum Topic	June 2007
TaskHopper com_thopper	<= 1.1	Upgrade to latest version.	Forum Topic	2006
User Home Pages 1 and 2 com_uhp and com_uhp2	<= 1.1.1 (?)	Upgrade to latest stable version.	Forum Topic Secunia Advisory Forum Topic	June 2007
VirtueMart	<= 1.0.11	Upgrade to version 1.1.11 and apply patch. Available here.	Forum Topic	June 2007
WordPress (Not a Joomla! extension, but worth noting.)	2.1.1	Upgrade to latest stable version.	Forum Topic	26 June 2007
zOOm Media Gallery	<= 2.5.1 RC4	Upgrade to latest stable version.	FrSIRT Advisory Forum Topic	2006