- Description
- A SQL injection vulnerability was discovered in the JEvents component for Joomla before 3.6.88 and 3.6.82.1. The extension is vulnerable to SQL injection via publicly accessible actions that list events by date range.
- Source
- security@joomla.org
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Amber
- Severity
- CRITICAL
- security@joomla.org
- CWE-89
- Hype score
- Not currently trending
🚨 Critical SQL injection in Joomla JEvents (CVE-2025-49467). Affects v1.0.0–3.6.87. No active exploits yet—update ASAP! Details: https://t.co/OrjpZtRYdc #OffSeq #Joomla #SQLInjection https://t.co/prQege4hb5
@offseq
12 Jun 2025
CVE-2025-49467 A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered. The extension is vulnerable to SQL injection via publicly acc… https://t.co/M5k3p2k7KN
@CVEnew
12 Jun 2025
[CVE-2025-49467: CRITICAL] Critical SQL injection vulnerability found in JEvents component for Joomla versions before 3.6.88 and 3.6.82.1, allowing unauthorized access to data via dates. #CyberSecurity #cve, CVE-2025-49467, #cybersecurity https://t.co/BRU5Vfaw5T https://t.co/KJzmy8L
@CveFindCom
12 Jun 2025