Vulnerabilities > Eventum Project > High

DATE CVE VULNERABILITY TITLE RISK
2019-07-10 CVE-2018-12628 Cross-Site Request Forgery (CSRF) vulnerability in Eventum Project Eventum
An issue was discovered in Eventum 3.5.0.
network
low complexity
eventum-project CWE-352
8.8
8.8
2018-01-31 CVE-2014-1632 Permission Issues vulnerability in Eventum Project Eventum
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.
network
high complexity
eventum-project CWE-275
8.1
8.1
2018-01-31 CVE-2014-1631 Permission Issues vulnerability in Eventum Project Eventum
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
network
low complexity
eventum-project CWE-275
7.5
7.5