Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13222
HistoryJun 17, 2006 - 12:00 a.m.

Calendarix 0.7.20060401, SQL Injection Vulnerabilities

2006-06-1700:00:00
vulners.com
5
JSON

Advisory id: FSA:018

Author: Federico Fazzi
Date: 15/06/2006, 23:36
Sinthesis: Calendarix 0.7.20060401, SQL Injection Vulnerabilities
Type: low
Product: http://www.calendarix.com/
Patch: unavailable

1) Description:

Error occured in cal_event.php:

$dquery = "delete from ".$EVENTS_TB." where id='$id'";

Error occured in cal_popup.php:

$id = $_GET['id'];

2) Proof of concept:

http://example/[c_path]/cal_event.php?id=[SQL_QUERY]
http://example/[c_path]/cal_popup.php?id=[SQL_QUERY]

3) Solution:

on cal_event.php sanitized $id variable,
on cal_popup.php don't use $_GET['id'] to assign a value.

JSON