CVE-2015-7235

Name of the Vulnerable Software and Affected Versions CP Reservation Calendar plugin versions prior to 1.1.7

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the id parameter in a "dex reservations calendar load2" action or the dex item parameter in a "dex reservations check posted data" action in a request to the default URI.

Recommendations For versions prior to 1.1.7, update to version 1.1.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the dex reservations.php file to minimize the risk of exploitation. Avoid using the id and dex item parameters in the affected actions until the issue is resolved.