CVE-2025-49468 Information

Description

A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the id_module parameter.

Reference

https://nobossextensions.com/

Related CNNVD

CNNVD-202506-1768 (Published: 2025-06-13)