CVE-2025-49467

Name of the Vulnerable Software and Affected Versions JEvents component for Joomla versions prior to 3.6.88 JEvents component for Joomla versions prior to 3.6.82.1

Description A SQL injection vulnerability in the JEvents component for Joomla was discovered, allowing unauthorized access to data via dates. The extension is vulnerable to SQL injection via publicly accessible actions to list events by date ranges.

Recommendations For JEvents component for Joomla versions prior to 3.6.88, update to version 3.6.88 or later. For JEvents component for Joomla versions prior to 3.6.82.1, update to version 3.6.82.1 or later. As a temporary workaround, consider restricting access to the publicly accessible actions that list events by date ranges until a patch is available.