Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.
AI Score: 6
EPSS: 0.014
Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) c...
AI Score: 8.9
EPSS: 0.009
Eventum before 2.3.5 allows remote attackers to reinstall the application via a direct request to /setup/index.php.
CVSS: 7.5
AI Score: 7.6
EPSS: 0.02
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.
CVSS: 8.1
AI Score: 8.2
EPSS: 0.006
Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2.
CVSS: 9.8
AI Score: 9.4
EPSS: 0.002
An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter.
CVSS: 6.1
AI Score: 6.2
EPSS: 0.001
An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter.
CVSS: 6.1
AI Score: 5.9
EPSS: 0.001
An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter.
CVSS: 6.1
AI Score: 5.9
EPSS: 0.001
An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter.
CVSS: 6.1
AI Score: 5.9
EPSS: 0.001
An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter.
CVSS: 6.1
AI Score: 5.9
EPSS: 0.001
An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter.
CVSS: 6.1
AI Score: 5.9
EPSS: 0.001
An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter.
CVSS: 6.1
AI Score: 5.9
EPSS: 0.001
An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges.
CVSS: 8.8
AI Score: 8.6
EPSS: 0.001
CVSS: 6.1
AI Score: 6.2
EPSS: 0.001