8 matches found
EUVD-2025-18260
Malicious code in bioql PyPI...
CVE-2025-49468
A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the idmodule parameter...
CVE-2025-49468
A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the idmodule parameter...
CVE-2025-49468
The CVE-2025-49468 entry describes a SQL injection in the No Boss Calendar Joomla extension (versions prior to 5.0.7). The vulnerability allows remote authenticated users to execute arbitrary SQL via the id_module parameter. Impact is reported as high for confidentiality, integrity, and availabil...
CVE-2025-49468 Joomla Extension - nobossextensions.com - SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla
A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the idmodule parameter...
CVE-2025-49468 Joomla Extension - nobossextensions.com - SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla
A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the idmodule parameter...
PT-2025-25403 · Unknown · No Boss Calendar
Name of the Vulnerable Software and Affected Versions: No Boss Calendar component versions prior to 5.0.7 Description: A SQL injection issue allows remote authenticated users to execute arbitrary SQL commands via the id module parameter. Recommendations: For versions prior to 5.0.7, update to...
No Boss Calendar SQL注入漏洞
No Boss Calendar is a Joomla calendar plugin from Brazilian company No Boss. A SQL injection vulnerability exists in No Boss Calendar versions prior to 5.0.7, which stems from an SQL injection in the idmodule parameter...