Vulnerabilities (CVE)

Filtered by vendor Eventum Project
Filtered by product Eventum
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-11569 1 Eventum Project 1 Eventum 2019-09-06 7.5 HIGH 9.8 CRITICAL
Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2.
CVE-2018-12628 1 Eventum Project 1 Eventum 2019-07-11 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges.
CVE-2018-12623 1 Eventum Project 1 Eventum 2019-07-10 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter.
CVE-2018-12625 1 Eventum Project 1 Eventum 2019-07-10 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter.
CVE-2018-12626 1 Eventum Project 1 Eventum 2019-07-10 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter.
CVE-2018-12622 1 Eventum Project 1 Eventum 2019-07-10 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter.
CVE-2018-12627 1 Eventum Project 1 Eventum 2019-07-10 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter.
CVE-2018-12621 1 Eventum Project 1 Eventum 2019-07-08 5.8 MEDIUM 6.1 MEDIUM
An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter.
CVE-2018-12624 1 Eventum Project 1 Eventum 2019-05-28 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter.
CVE-2014-1631 1 Eventum Project 1 Eventum 2019-04-26 5.0 MEDIUM 7.5 HIGH
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
CVE-2014-1632 1 Eventum Project 1 Eventum 2019-04-26 9.3 HIGH 8.1 HIGH
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.
CVE-2018-16761 1 Eventum Project 1 Eventum 2018-11-06 5.8 MEDIUM 6.1 MEDIUM
Eventum before 3.4.0 has an open redirect vulnerability.