CVE-2018-25319

HIGH

Redaxo CMS Addon MyEvents 2.2.1 SQL Injection via event_add.php

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25319. PoCs published by h0n1gsp3cht.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in Redaxo CMS Addon MyEvents (version 2.2.1) via the 'myevents_id' parameter. The PoC shows how an attacker can inject arbitrary SQL queries through a crafted GET request, leveraging insufficient input sanitization in the 'event_add.php' file.

Description

Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Attackers can send GET requests to the event_add.php page with malicious myevents_id values to extract or modify sensitive database information.

Exploits (1)

exploitdb WORKING POC
by h0n1gsp3cht · text · webapps · php
https://www.exploit-db.com/exploits/44261

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Redaxo CMS Addon MyEvents 2.2.1
Auth required
Prerequisites: Backend access to Redaxo CMS · MyEvents addon installed and active
devstral-2 · analyzed May 17, 2026

References (3)

Core References
Exploit: ExploitDB-44261
https://www.exploit-db.com/exploits/44261
Product: Official Product Homepage
http://www.github.com/wende60/myevents
Third Party Advisory: VulnCheck Advisory: Redaxo CMS Addon MyEvents 2.2.1 SQL Injection via event_add.php
https://www.vulncheck.com/advisories/redaxo-cms-addon-myevents-sql-injection-via-event-add-php

Scores

CVSS v3: 7.1
EPSS: 0.0027
EPSS Percentile: 18.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-89
Status: published
Products (1): wende60/Redaxo CMS Addon MyEvents 2.2.1
Published: May 17, 2026
Tracked Since: May 17, 2026