PHP-Calendar < 0.10.3 includes/search.php SQL Injection
High Nessus Network Monitor Plugin ID 2864
Synopsis
The remote web server contains a script that is vulnerable to a SQL injection attack.

Description
The remote host is running PHP-Calendar, a web-based calendar application written in PHP. This version of PHP-Calendar is vulnerable to a remote SQL injection attack. Specifically, the search.php script fails to filter out SQL-reserved characters, which would allow a remote attacker to read or write data and potentially execute arbitrary code on the remote database.

Solution
Upgrade to version 0.10.3 or higher.