Jigowatt PHP Event Calendar – ‘day_view.php’ SQL Injection

Exploit Database
15 阅读

作者： Daniel Godoy

日期： 2014-04-14
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/39146/

source: https://www.securityfocus.com/bid/66923/info

Jigowatt PHP Event Calendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Jigowatt PHP Event Calendar 2.16b is vulnerable; other versions may also be affected. 

http://www.example.com/code/calendar/day_view.php?day=23&month=4&year=[SQL injection]

last Exploits
Jigowatt PHP Event Calendar – ‘day_view.php’ SQL Injection的更多信息

Dolibarr ERP-CRM 10.0.1 – SQL Injection：
Webspell wCMS-Clanscript4.01.02net – static Blind SQL Injection：
WordPress Core 3.4.2 – Multiple Path Disclosure Vulnerabilities：
The Matt Wright Guestbook.pl – Arbitrary Command Execution (Metasploit)：
FS Trademe Clone – ‘id’ SQL Injection：
Deluge Web UI 1.3.13 – Cross-Site Request Forgery：
WordPress Plugin Quick Page/Post Redirect 5.0.3 – Multiple Vulnerabilities：
MyBB Thread Redirect Plugin 0.2.1 – Cross-Site Scripting：