OWASP Joomla Vulnerability Scanner Limitations

Limitations on Current Release
If deduced version is not available, it then cannot verify the vulnerability
 * The vulnerability database still lacks of unknown exploit checks. If the exploit check is not available, the scanner verify based on deduced version.
 * The Scanner lacks IDS evasion bypass
 * The Scanner lacks sophisticated fuzzing
 * The Scanner is not a full fledged SQL Injection tool