SQL Injection in Jevents.net / Gwe Systems Ltd Jevents Component For Joomla

CVE-2025-49467

A SQL injection vulnerability in JEvents component before 3.6.88 and 3.6.82.1 for Joomla was discovered. The extension is vulnerable to SQL injection via publicly accessible actions to list events by date ranges.

Vulnerability class: SQL Injection

EPSS: 0.003 (19.1th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References