Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require()

(2) the $options variable.

(3) Admin Upload Image.

(4) -load()

(5) content submissions when frontpage is selected.

(6) the mosPageNav constructor.

(7) saveOrder functions.

(8) the absence of "exploit blocking rules" in htaccess.

and (9) the ACL.