PT-2007-3197 · Php Fusion · Php-Fusion Expanded Calendar

Published

2007-04-03

Updated

2018-10-16

CVE-2007-1845

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: PHP-Fusion Expanded Calendar (calendar panel) module version 2.00

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the m month parameter in the show event.php file.

Recommendations: For PHP-Fusion Expanded Calendar (calendar panel) module version 2.00, avoid using the m month parameter in the show event.php file until the issue is resolved. As a temporary workaround, consider restricting access to the show event.php file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1845

Affected Products

Php-Fusion Expanded Calendar

PT-2007-3197 · Php Fusion · Php-Fusion Expanded Calendar

CVE-2007-1845

Related Identifiers

Affected Products

References · 9