vendor:
Calendar Express
by:
Baybora
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Calendar Express
Affected Version From: 2
Affected Version To: 2.1
Patch Exists: NO
Related CWE: N/A
CPE: calendarexpress2.1
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008
Calendar Express 2.0 Vulnerability
Calendar Express 2.0 is vulnerable to a SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the vulnerable application. The request contains malicious SQL code that is executed in the backend database. This can allow an attacker to gain access to sensitive information such as usernames, passwords, and other confidential data stored in the database.
Mitigation:
Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.