Acyba Acymailing vulnerabilities
3 known vulnerabilities affecting acyba/acymailing.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH3
Vulnerabilities
Page 1 of 1
CVE-2018-9107P3HIGHCVSS 8.8PoC≤ 5.9.52018-03-28
CVE-2018-9107 [HIGH] CWE-1236 CVE-2018-9107: CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the A
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.
nvd
CVE-2015-7338P3HIGHCVSS 7.2fixed in 4.9.52020-03-09
CVE-2015-7338 [HIGH] CWE-89 CVE-2015-7338: SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocat
SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php.
nvd
CVE-2020-10934P4HIGHCVSS 7.2fixed in 6.9.22020-03-24
CVE-2020-10934 [HIGH] CWE-434 CVE-2020-10934: Acyba AcyMailing before 6.9.2 mishandles file uploads by admins.
Acyba AcyMailing before 6.9.2 mishandles file uploads by admins.
nvd