JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.
CVSS Score
8.8
EPSS Score
0.004
Published
2020-03-09
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.
CVSS Score
7.2
EPSS Score
0.003
Published
2020-03-09
JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-03-09