CVE-2018-25076

Name of the Vulnerable Software and Affected Versions Events Extension on BigTree (affected versions not specified)

Description A critical issue was found in the Events Extension, affecting the getRandomFeaturedEventByDate, getUpcomingFeaturedEventsInCategoriesWithSubcategories, recacheEvent, and searchResults functions of the file classes/events.php. This issue leads to sql injection.

Recommendations Apply the patch named 11169e48ab1249109485fdb1e0c9fca3d25ba01d to fix this issue. As a temporary workaround, consider disabling the affected functions until the patch is applied. Restrict access to the vulnerable file classes/events.php to minimize the risk of exploitation.