PT-2007-6280 · Php Fusion · Php-Fusion Expanded Calendar 2.X
Matrix86
·
Publicado
2007-10-03
·
Atualizado
2021-04-21
·
CVE-2007-5187
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
PHP-Fusion Expanded Calendar 2.x module version 2.x
Description
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the
sel parameter in the infusions/calendar events panel/show single.php file.Recommendations
For PHP-Fusion Expanded Calendar 2.x module version 2.x, avoid using the
sel parameter in the /infusions/calendar events panel/show single.php endpoint until the issue is resolved.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Php-Fusion Expanded Calendar 2.X