ByteOS Network

joomlacalendars

Source -

NVD

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

3Vulnerabilities found

CVE-2018-6395

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-9.8||CRITICAL

EPSS-1.41% / 79.75%

7 Day CHG~0.00%

Published-30 Jan, 2018 | 15:00

Updated-05 Aug, 2024 | 06:01

SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action.

Vendor-joomlacalendars n/a

Product-visual_calendar n/a

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2018-6397

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-17.83% / 94.88%

7 Day CHG~0.00%

Published-30 Jan, 2018 | 15:00

Updated-05 Aug, 2024 | 06:01

Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter.

Vendor-joomlacalendars n/a

Product-picture_calendar n/a

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2018-6398

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-9.8||CRITICAL

EPSS-1.41% / 79.75%

7 Day CHG~0.00%

Published-30 Jan, 2018 | 15:00

Updated-05 Aug, 2024 | 06:01

SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action.

Vendor-joomlacalendars n/a

Product-event_calendar n/a

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')