WordPress: cp-reservation-calendar 1.1.6 SQL injection
A vulnerability has been detected in the WordPress cp reservation calendar plugin v1.6. It allows remote attackers to inject SQL commands. The SQL injection vulnerability is located in the dex_reservations.php file, where remote attackers are able to execute their own SQL commands by manipulating request parameters. The security risk of the SQL injection vulnerability is estimated as high, with a CVSS (Common Vulnerability Scoring System) score of 8.6. Exploitation of the remote SQL injection web vulnerability requires neither user interaction nor a privileged web-application user account. Successful exploitation results in compromise of the database management system, the web server and the web application.