Joomla JomEvents component version 3.7 suffers from a remote SQL injection vulnerability.
60d6031e70c6ffd4f1573e719680d17c
################################################
#Title: Joomla JomEvents 3.7 - SQL Injection
#Credit: Bilal KARDADOU
#Vendor: http://comdev.eu
#URL:
https://extensions.joomla.org/extensions/extension/calendars-a-events/events/jomevents/
#Product: 'Joomla JomEvents 3.7'
#Developer: Comdev
#Extension type: Plugin
#Last updated: Oct 29 2017
#Compatibility: 3.X
#Type: Paid download
#Google Dork: N/A
################################################
#
# Description:
# JomEvent offers an event management system which provides design and
seamless integration with your current Joomla deployment.
# Look no further: JomEvents is a one-stop-shop for your events website
implementation.
#
# POST -p [distancew & date_end]
#
#
http://127.0.0.1/joomla/index.php?option=com_jomcomdev&task=maps.itemsjv&format=json&extension=com_jomevents&limit=100
#
#
title=hello&address-lat-lng=London%2C%20United%20Kingdom&distancew=50&date_start=2016-12-11&date_end=2017-01-01&latitude=51.5073509&longitude=-0.12775829999998223&26472415b6677db80c6b2404296e4a39=1&
#
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################