You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We received the following information from our OWASP-Security-Scanner:
critical severity - CVE-2018-25076 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pkg:maven/io.cloudevents/[email protected]
CVE-2018-25076 - A vulnerability classified as critical was found in Events Extension on BigTree. Affected by this vulnerability is the function getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults of the file classes/events.php. The manipulation leads to sql injection. The patch is named 11169e48ab1249109485fdb1e0c9fca3d25ba01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218395.
Is this a false positive? I cannot find the actual cause of the CVE within the repository.
The text was updated successfully, but these errors were encountered:
We received the following information from our OWASP-Security-Scanner:
Is this a false positive? I cannot find the actual cause of the CVE within the repository.
The text was updated successfully, but these errors were encountered: