Family: CGI abuses --> Category: attack
PHP-Calendar Search.PHP SQL Injection Vulnerability Scan
Vulnerability Scan Summary
Checks for SQL injection vulnerability in PHP-Calendar search.php
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is susceptible to a
SQL injection attack.
The remote web server is running PHP-Calendar, a web-based calendar
written in PHP.
The version of PHP-Calendar installed on the remote host suffers from
a SQL injection vulnerability due to its failure to sanitize input to
the 'sort' and 'order' parameters to the 'includes/search.php' script.
An attacker can exploit this flaw to alter database queries,
potentially revealing sensitive information or even modifying data.
See also :
Solution :
Upgrade to PHP-Calendar version 0.10.3 or later.
Risk factor :
Medium / CVSS Base Score : 5