SQL Injection in Nobossextensions.com No Boss Calendar Component For Joomla

CVE-2025-49468

A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the id_module parameter.

Vulnerability class: SQL Injection

EPSS: 0.004 (33.5th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-49468?
CVE-2025-49468 is a vulnerability in Nobossextensions.com No Boss Calendar Component For Joomla, classified under SQL Injection. Published 2025-06-13.
Is CVE-2025-49468 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.