You are here: Home Support Forums JEvents (Free Forums) JEvents 3.4 (Free Access) Information by Mini Calender, by klick the Mouse
Recent
Categories
Tags
You need to be logged in to view a user's profile.
View Replies (3)

Resolved SQL Injection issue - High Vulnerability found - RSVP Pro

  1. Issue
0
Votes
Undo
  1. intellitech
    intellitech
    Gold Member
  2. JEvents Translations (Free Access)
  3. Thursday, 25 March 2021
Please see the attached scanned report and do the needful ASAP.
Attachments (1)
20210321_Affected_Items_www_scl_org_sg (1).pdf
  1. RSVP pro
  2. RSVPPro
Cannot use 3.6.13 - Gets kicked out to main web pa...
Blank New/Edit Screen in backend after update to 3...
Responses (3)
mimmomgl
mimmomgl
Accepted Answer Pending Moderation
0
Votes
Undo
What's new about this vulnerability?
  1. more than a month ago
  2. JEvents Translations (Free Access)
  3. # 1
tonyp
tonyp
Support Team
Accepted Answer Pending Moderation
0
Votes
Undo
Can you please confirm your RSVP Pro Version for testing?

Many thanks
Tony
JEvents Club members can get priority forum support at the Support Forum. As well as access to a variety of custom JEvents addons and benefits. Join the JEvents club today!Join the JEvents club today!
  1. more than a month ago
  2. JEvents Translations (Free Access)
  3. # 2
geraint
geraint
Support Team
Accepted Answer Pending Moderation
0
Votes
Undo
Thank you for highlighting this issue.

I see where this message is coming from and I can assure you that it is not exploitable as an SQL injection because the input is filtered and any SQL or Javascript is removed and the error is caught in the code. What is incorrect is to output an error message as opposed to silently returning no results.

I will resolve this in the next release due in the next few days
JEvents Club members can get priority forum support at the Support Forum. As well as access to a variety of custom JEvents addons and benefits. Join the JEvents club today!
  1. more than a month ago
  2. JEvents Translations (Free Access)
  3. # 3
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!

Members Area

Show your support

Unlike many Joomla calendars we do not charge to download JEvents - please show your support for this project by becoming a member of the JEvents Club Club members get access to early releases, exclusive member support forums, and Silver and Gold members can use many exciting JEvents addons

Your membership will ensure that JEvents continues to be the best events calendar for Joomla.

Login Form