Aggregates CVE and security vulnerability intelligence across all chillcreations-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection and vendor risk path handling, with potential vendor impact data exposure and vendor impact file overwrite across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-5989 | SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099. | [email protected] | 9.8 | 1.08% | 2018-02-17 | 2024-11-21 |
| CVE-2011-5099 | SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | [email protected] | 7.5 | 1.74% | 2012-08-14 | 2026-04-29 |
| CVE-2010-4853 | SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php. | [email protected] | 7.5 | 0.45% | 2011-10-05 | 2026-04-29 |
| CVE-2010-0467 | Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php. | [email protected] | 5.8 | 3.40% | 2010-02-02 | 2026-04-29 |