A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability Network Vulnerability

Summary

A4Desk Event Calendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Seee http://www.securityfocus.com/bid/33835/ and http://php.a4desk.com/calendar/ for further informations.

Severity

Classification

CVE CVE-2009-0730
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache ActiveMQ Multiple Vulnerabilities
11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
Apache Solr Directory Traversal Vulnerability Jan-14
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability

Take action and discover your vulnerabilities