Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PHP-Calendar < 0.10.3 includes/search.php SQL Injection



The remote web server contains a script that is vulnerable to a SQL injection attack.


The remote host is running PHP-Calendar, a web-based calendar application written in PHP. This version of PHP-Calendar is vulnerable to a remote SQL injection attack. Specifically, the search.php script fails to parse out SQL-reserved characters and would allow a remote attacker to read or write data as well as potentially execute arbitrary code on the remote database.


Upgrade to version 0.10.3 or higher.