SQL Injection in Jevents.net / Gwe Systems Ltd Jevents Component For Joomla
CVE-2025-49467
A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered. The extension is vulnerable to SQL injection via publicly accessible actions to list events by date ranges.
Vulnerability class: SQL Injection
EPSS: 0.003 (19.1th percentile) — read the EPSS interpretation.
Affected products
- Jevents.net / Gwe Systems Ltd Jevents Component For Joomla — versions 1.0.0-3.6.82, 3.6.82.1, 3.6.83-3.6.87
Weakness classification (CWE)
References
- security@joomla.org (product)