CVE-2018-25319
Severity CVSS v4.0:
HIGH
Type:
CWE-89
SQL Injection
Publication date:
17/05/2026
Last modified:
17/06/2026
Description
Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Attackers can send GET requests to the event_add.php page with malicious myevents_id values to extract or modify sensitive database information.
Impact
Base Score 4.0
7.10
Severity 4.0
HIGH
Base Score 3.x
7.10
Severity 3.x
HIGH



