2 matches found
CVE-2015-7338
The CVE refers to an SQL Injection in the AcyMailing Joomla Component prior to version 4.9.5, triggered by an exportgeolocorder parameter in a geolocation_longitude request to index.php. The vulnerability affects the component used within Joomla installations and can allow an attacker to manipula...
CVE-2020-10934
CVE-2020-10934 affects the Joomla! plugin "AcyMailing" prior to version 6.9.2. The root cause is mishandling of file uploads by admins, allowing an attacker to upload arbitrary files (CWE-434) and potentially execute arbitrary PHP code. Affected software: AcyMailing; vulnerable component: file up...