cvebase

Eventum Project Eventum vulnerabilities

12 known vulnerabilities affecting eventum_project/eventum.

Total CVEs: 12
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 8

Vulnerabilities

CVE-2014-1632 | P2 | HIGH | CVSS 8.1 | CWE-275 | PoC | fixed in 2.3.5 | 2018-01-31
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.
nvd
CVE-2014-1631 | P2 | HIGH | CVSS 7.5 | CWE-275 | PoC | fixed in 2.3.5 | 2018-01-31
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
nvd
CVE-2018-11569 | P3 | CRITICAL | CVSS 9.8 | CWE-502 | ≥ 3.5.0, < 3.5.2 | 2019-09-05
Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2.
nvd
CVE-2018-16761 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | PoC | fixed in 3.4.0 | 2018-09-09
Eventum before 3.4.0 has an open redirect vulnerability.
nvd
CVE-2018-12628 | P3 | HIGH | CVSS 8.8 | CWE-352 | ≤ 3.5.0 | 2019-07-10
An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges.
nvd
CVE-2018-12621 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | v3.5.0 | 2019-07-05
An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter.
nvd
CVE-2018-12623 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 3.5.0 | 2019-07-10
An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter.
nvd
CVE-2018-12626 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 3.5.0 | 2019-07-10
An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter.
nvd
CVE-2018-12622 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 3.5.0 | 2019-07-10
An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter.
nvd
CVE-2018-12627 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 3.5.0 | 2019-07-10
An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter.
nvd
CVE-2018-12625 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 3.5.0 | 2019-07-10
An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter.
nvd
CVE-2018-12624 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v3.5.0 | 2019-05-24
An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter.
nvd