SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via cal_template.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Phpwebsite | Phpwebsite | 0.7.3 (including) | 0.7.3 (including) |
| Phpwebsite | Phpwebsite | 0.8.2 (including) | 0.8.2 (including) |
| Phpwebsite | Phpwebsite | 0.8.3 (including) | 0.8.3 (including) |
| Phpwebsite | Phpwebsite | 0.9.3 (including) | 0.9.3 (including) |
| Phpwebsite | Phpwebsite | 0.9.3.4 (including) | 0.9.3.4 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=109413493005513\u0026w=2
- http://secunia.com/advisories/12438
- http://www.gulftech.org/?node=research\u0026article_id=00048-08312004
- http://www.phpwebsite.appstate.edu/index.php?module=announce\u0026ANN_user_op=view\u0026ANN_id=822
- http://www.securityfocus.com/bid/11088
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17199
- http://marc.info/?l=bugtraq\u0026m=109413493005513\u0026w=2
- http://secunia.com/advisories/12438
- http://www.gulftech.org/?node=research\u0026article_id=00048-08312004
- http://www.phpwebsite.appstate.edu/index.php?module=announce\u0026ANN_user_op=view\u0026ANN_id=822
- http://www.securityfocus.com/bid/11088
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17199