← voltar
CVE-2025-49467

Joomla Extension - jevents.net - SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla

CVSS 9.3 CRITICALEPSS 0.3%CWE-89
A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered. The extension is vulnerable to SQL injection via publicly accessible actions to list events by date ranges.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:Y/U:Amber
Produtos afetados
jevents.net / GWE Systems Ltd · JEvents component for Joomla

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://jevents.net/