Lucene search

Jnews Security Vulnerabilities - February

cve

CVE-2015-7341

JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.

8.8CVSS

8.6AI Score

0.001EPSS

2020-03-09 05:15 PM

cve

CVE-2015-7342

JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.

7.2CVSS

7.5AI Score

0.001EPSS

2020-03-09 05:15 PM

cve

CVE-2015-7343

JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.

4.8CVSS

4.9AI Score

0.001EPSS

2020-03-09 02:15 PM