JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.
8.8CVSS
8.6AI Score
0.001EPSS
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.
7.2CVSS
7.5AI Score
0.001EPSS
4.8CVSS
4.9AI Score
0.001EPSS