Eventum Security Vulnerabilities

CVE-2018-11569

Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version...

CVE-2018-12623

An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page...

CVE-2018-12627

An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues...

CVE-2018-12622

An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name...

CVE-2018-12625

An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values...

CVE-2018-12626

An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat...

CVE-2018-12628

An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin...

CVE-2018-12621

An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page...

CVE-2018-12624

An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix...

CVE-2018-16761

Eventum before 3.4.0 has an open redirect...

CVE-2014-1632

htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname...

CVE-2014-1631

Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to...

CVE-2005-2467

Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to...

CVE-2005-2468

Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6).....