A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered. The extension is vulnerable to SQL injection via publicly accessible actions to list events by date ranges.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://jevents.net/ |
Configurations
No configuration.
History
12 Jun 2025, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-06-12 16:15
Updated : 2025-06-12 16:15
NVD link : CVE-2025-49467
Mitre link : CVE-2025-49467
CVE.ORG link : CVE-2025-49467
JSON object : View
Products Affected
No product.
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')