A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the id_module parameter.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://nobossextensions.com/ |
Configurations
No configuration.
History
13 Jun 2025, 10:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-06-13 10:15
Updated : 2025-06-13 10:15
NVD link : CVE-2025-49468
Mitre link : CVE-2025-49468
CVE.ORG link : CVE-2025-49468
JSON object : View
Products Affected
No product.
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')