CVE-2018-25319

Name of the Vulnerable Software and Affected Versions Redaxo CMS Addon MyEvents version 2.2.1

Description An SQL injection allows authenticated attackers to manipulate database queries by injecting SQL code. This occurs when sending GET requests to the 'event add.php' page using malicious values in the myevents id parameter, potentially leading to the extraction or modification of sensitive database information.

Recommendations Avoid using the myevents id parameter in the 'event add.php' page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.