WordPress Spider Calendar Plugin Multiple SQL Injection Vulnerabilities Network Vulnerability

Summary

This host is running WordPress Spider Calendar Plugin and is prone to multiple SQL Injection vulnerabilities.

Impact

Successful exploitation could allow attackers to manipulate SQL queries by injecting arbitrary SQL code and gain sensitive information. Impact Level: Application

Solution

Upgrade to WordPress Spider Calendar Plugin version 1.1.0 or later, For updates refer to http://wordpress.org/extend/plugins/spider-calendar/

Insight

Input passed via the 'calendar_id' parameter to 'front_end/spidercalendarbig_seemore.php' (when 'ev_ids' is set to the id of an available event) is not properly sanitised before being used in a SQL query.

Affected

WordPress Spider Calendar Plugin version 1.0.1

References

http://packetstormsecurity.org/files/117078/WordPress-Spider-1.0.1-SQL-Injection-XSS.html
http://secunia.com/advisories/50812
http://www.exploit-db.com/exploits/21715/
http://xforce.iss.net/xforce/xfdb/79042

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
Assesi 'bg' Parameter SQL Injection vulnerability
aflog Cookie-Based Authentication Bypass Vulnerability
ALCASAR Remote Code Execution Vulnerability
ApPHP MicroBlog Remote Code Execution Vulnerability

Take action and discover your vulnerabilities