PT-2023-10278 · Unknown · Cp Appointment Calendar Plugin

Published: 2023-04-10 · Updated: 2024-05-17 · CVE-2015-10099

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

CP Appointment Calendar Plugin version 1.1.5 and earlier

Description

A critical vulnerability has been found in the CP Appointment Calendar Plugin. This issue affects the dex_process_ready_to_go_appointment function of the dex_appointments.php file. Manipulation of the itemnumber argument leads to SQL injection. The attack can be initiated remotely.

Recommendations

To fix this issue, apply the patch named e29a9cdbcb0f37d887dd302a05b9e8bf213da01d. As a temporary workaround, consider restricting access to the dex_appointments.php file or disabling the dex_process_ready_to_go_appointment function until the patch is applied. Avoid using the itemnumber argument in the affected function until the issue is resolved.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2015-10099

Affected Products

Cp Appointment Calendar Plugin