Vulnerability Scanning Solutions, LLC.
Family: CGI abuses --> Category: attack

PHP-Calendar search.php SQL Injection Vulnerability Scan

Vulnerability Scan Summary
Checks for SQL injection vulnerability in PHP-Calendar search.php

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that is susceptible to a
SQL injection attack.

Description :

The remote web server is running PHP-Calendar, a web-based calendar
written in PHP.

The version of PHP-Calendar installed on the remote host suffers from
a SQL injection vulnerability due to its failure to sanitize input to
the 'sort' and 'order' parameters to the 'includes/search.php' script.
An attacker can exploit this flaw to alter database queries,
potentially revealing sensitive information or even modifying data.
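
For sites that maintain their own PHP search code, the following added example (not PHP-Calendar source and not part of the scanner check) shows how 'sort' and 'order' values can be constrained, assuming they feed an ORDER BY clause as their names suggest. The table name, column names and function names are hypothetical, and the sample data is constructed.

```php
<?php
// Added example, not PHP-Calendar source. Table and column names are hypothetical.

// ORDER BY targets are identifiers, so bound parameters cannot carry them;
// map the request value onto a fixed set of known column names instead.
const SORT_COLUMNS = [
    'start'   => 'start_date',
    'subject' => 'subject',
    'owner'   => 'owner_name',
];

function order_by_clause(?string $sort, ?string $order): string
{
    // Unknown or missing keys fall back to a default; the raw value never reaches SQL.
    $column = SORT_COLUMNS[$sort ?? ''] ?? SORT_COLUMNS['start'];
    // Direction is one of two literals, chosen by strict comparison.
    $direction = (strtoupper(trim($order ?? '')) === 'DESC') ? 'DESC' : 'ASC';
    return "ORDER BY $column $direction";
}

function search_events(PDO $db, string $term, ?string $sort, ?string $order): array
{
    // The search term is data, so it goes through a bound parameter.
    $sql = 'SELECT subject, start_date FROM events WHERE subject LIKE :term '
         . order_by_clause($sort, $order);
    $stmt = $db->prepare($sql);
    $stmt->execute([':term' => '%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (subject TEXT, start_date TEXT, owner_name TEXT)');
$db->exec("INSERT INTO events VALUES ('Team meeting', '2024-03-02', 'alice'),
                                      ('Budget meeting', '2024-01-15', 'bob')");

// A well-formed request, then constructed values that are not in the allowlist;
// the second pair falls back to the default column and direction.
$requests = [['subject', 'desc'], ['subject, extra_sql_text', 'asc extra']];
foreach ($requests as [$sort, $order]) {
    echo order_by_clause($sort, $order), "\n";
    foreach (search_events($db, 'meeting', $sort, $order) as $row) {
        echo "  {$row['start_date']}  {$row['subject']}\n";
    }
}
```

Escaping functions intended for string literals do not make a value safe as a column name or sort direction, which is why the example selects from fixed values rather than filtering the input.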

Solution :

Upgrade to PHP-Calendar version 0.10.3 or later.

Threat Level:

Medium / CVSS Base Score : 5


P.O. Box 827051

Pembroke Pines, FL 33082-7051
