Vulnerabilities for Jnews (...) - CXSECURITY.COM

Vulnerabilities for 'Jnews'

2020-03-09

CVE-2015-7342

CWE-89

JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.

CVE-2015-7341

CWE-434

JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.

CVE-2015-7343

CWE-79

JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.

>>> Vendor: Joobi 4 Products

Copyright 2024, cxsecurity.com