RSS   Vulnerabilities for 'Jnews'   RSS

2020-03-09
 
CVE-2015-7342

CWE-89
 

 
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.

 
 
CVE-2015-7341

CWE-434
 

 
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.

 
 
CVE-2015-7343

CWE-79
 

 
JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.

 

 >>> Vendor: Joobi 4 Products
Acajoom
Com jnews
Com jstore
Jnews


Copyright 2020, cxsecurity.com

 

Back to Top