Description
Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Attackers can send GET requests to the event_add.php page with malicious myevents_id values to extract or modify sensitive database information.
Published: 2026-05-17
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 17 May 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Wende60
Wende60 redaxo Cms Addon Myevents
Vendors & Products Wende60
Wende60 redaxo Cms Addon Myevents

Sun, 17 May 2026 12:30:00 +0000

Type Values Removed Values Added
Description Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Attackers can send GET requests to the event_add.php page with malicious myevents_id values to extract or modify sensitive database information.
Title Redaxo CMS Addon MyEvents 2.2.1 SQL Injection via event_add.php
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Wende60 Redaxo Cms Addon Myevents
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-18T10:58:34.982Z

Reserved: 2026-05-17T11:33:25.084Z

Link: CVE-2018-25319

cve-icon Vulnrichment

Updated: 2026-05-18T10:58:22.183Z

cve-icon NVD

Status : Deferred

Published: 2026-05-17T13:16:43.123

Modified: 2026-06-17T01:55:13.463

Link: CVE-2018-25319

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-17T17:00:18Z

Weaknesses