Home/Product/eventum project eventum
Product

eventum project eventum

14 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2018-11569
>= 3.5.0 and < 3.5.2
Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2.
9.8CRITICAL
 CVE-2018-12628
<= 3.5.0
An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges.
8.8HIGH
 CVE-2018-12627
<= 3.5.0
An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues
6.1MEDIUM
 CVE-2018-12626
<= 3.5.0
An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter.
6.1MEDIUM
 CVE-2018-12625
<= 3.5.0
An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter.
6.1MEDIUM
 CVE-2018-12623
<= 3.5.0
An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter.
6.1MEDIUM
 CVE-2018-12622
<= 3.5.0
An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter.
6.1MEDIUM
 CVE-2018-12621
all versions
An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter.
6.1MEDIUM
 CVE-2018-12624
all versions
An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter.
6.1MEDIUM
 CVE-2018-16761
< 3.4.0
Eventum before 3.4.0 has an open redirect vulnerability.
6.1MEDIUM
 CVE-2014-1632
< 2.3.5
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname p
8.1HIGH
 CVE-2014-1631
< 2.3.5
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
7.5HIGH
 CVE-2005-2468
all versions
Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands
 CVE-2005-2467
all versions
Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh