Eventum Project Eventum — known CVE vulnerabilities
Every CVE whose affected-product data names Eventum Project Eventum, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2018-11569 — CVSS 9.8 (critical): Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2.
CVE-2018-12628 — CVSS 8.8 (high): An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges.
CVE-2014-1632 — CVSS 8.1 (high): htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.
CVE-2014-1631 — CVSS 7.5 (high): Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
CVE-2018-12624 — CVSS 6.1 (medium): An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter.
CVE-2018-12627 — CVSS 6.1 (medium): An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues…