PT-2010-2387 · Joomla · Jevents Search Plugin

Published

2010-02-12

Updated

2010-02-15

CVE-2010-0635

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions JEvents Search plugin versions 1.5 through 1.5.3 for Joomla!

Description The issue allows remote attackers to execute arbitrary SQL commands. This is due to a SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php.

Recommendations For JEvents Search plugin versions 1.5 through 1.5.3, consider disabling the onSearch method in the plgSearchEventsearch class until a patch is available. Restrict access to the eventsearch.php file to minimize the risk of exploitation.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2010-0635

Affected Products

Jevents Search Plugin

PT-2010-2387 · Joomla · Jevents Search Plugin

CVE-2010-0635

Weakness Enumeration

Related Identifiers

Affected Products

References · 4