What is GHSA-vmcc-66gx-pph9?

GHSA-vmcc-66gx-pph9 is a security advisory published by GitHub Security Advisories with High severity. Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated...

Which CVE IDs does GHSA-vmcc-66gx-pph9 cover?

GHSA-vmcc-66gx-pph9 covers the following CVE IDs: CVE-2018-25319. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-vmcc-66gx-pph9?

GHSA-vmcc-66gx-pph9 has a CVSS v3 base score of 7.1, published by GitHub Security Advisories.

GHSA-vmcc-66gx-pph9HighCVSS 7.1

Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated...

Vendor

GitHub Security Advisories

Published

May 17, 2026

Last Modified

May 17, 2026

🔗 CVE IDs covered (1)

CVE-2018-25319 →

📋 Description

Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Attackers can send GET requests to the event_add.php page with malicious myevents_id values to extract or modify sensitive database information.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2018-25319
https://www.exploit-db.com/exploits/44261
https://www.vulncheck.com/advisories/redaxo-cms-addon-myevents-sql-injection-via-event-add-php
http://www.github.com/wende60/myevents
https://github.com/advisories/GHSA-vmcc-66gx-pph9