OWASP Joomla Vulnerability Scanner Limitations

Limitations on Current Release

 * The vulnerability database still lacks of unknown exploit checks. If the exploit check is not available, the scanner cannot verify the vulnerability.
 * The Scanner lacks IDS evasion bypass
 * The Scanner lacks sophisticated fuzzing
 * The Scanner is not a full fledged SQL Injection tool