CNNVD-202506-1691 Information

CNNVD ID

CNNVD-202506-1691

Related CVE

CVE-2025-49467

• CNNVD Published: 2025-06-12

Description (Chinese)

GWE JEvents是英国GWE公司的一款用于Joomla!的插件。 GWE JEvents 3.6.88之前版本和3.6.82.1版本存在SQL注入漏洞，该漏洞源于公开可访问的日期范围查询功能存在SQL注入。

Description (English)

GWE Jevents is a plug-in for Joomla! The previous version of GWE Jevents 3.6.88 and version 3.6.82.1 had an injection loophole in SQL, which originated from the open and accessible date range query function in SQL.

Hazard Level

Low

Vulnerability Type

SQL注入

Affected Vendor

GWE

Published

2025-06-12

Last Modified

2026-02-24

References

https://jevents.net/ https://access.redhat.com/security/cve/cve-2025-49467 https://nvd.nist.gov/vuln/detail/CVE-2025-49467