PT-2015-7521 · WordPress · Appointment Booking Calendar

Published: 2015-09-29 · Updated: 2018-10-09 · CVE-2015-7319

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Appointment Booking Calendar plugin versions prior to 1.1.8

Description

The issue allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username in the cpabc_appointments_admin_int_calendar_list.inc.php file.

Recommendations

For versions prior to 1.1.8, update to version 1.1.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the cpabc_appointments_admin_int_calendar_list.inc.php file until a patch is applied. Avoid using the username variable in related API endpoints until the issue is resolved.

Fix

RCE

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2015-7319

Affected Products

Appointment Booking Calendar