SQL Injection in Nobossextensions.com No Boss Calendar Component For Joomla
CVE-2025-49468
A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the id_module parameter.
Vulnerability class: SQL Injection
EPSS: 0.004 (33.5th percentile) — read the EPSS interpretation.
Affected products
- Nobossextensions.com No Boss Calendar Component For Joomla — versions 1.0.0-5.0.6
Weakness classification (CWE)
Public proof-of-concept exploits
References
- security@joomla.org (product)
Frequently asked questions
- What is CVE-2025-49468?
- CVE-2025-49468 is a vulnerability in Nobossextensions.com No Boss Calendar Component For Joomla, classified under SQL Injection. Published 2025-06-13.
- Is CVE-2025-49468 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.