Freelancer calendar 'SearchField' Parameter Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/worldcalendar/category_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]
http://www.example.com/worldcalendar/Copy_of_calendar_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]
http://www.example.com/worldcalendar/customer_statistics_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]
http://www.example.com/worldcalendar/customer_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]
http://www.example.com/worldcalendar/task_statistics_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL injection]
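
A log check for requests like the ones listed above, added here as an example; it is not part of the original advisory or of the application's code. It assumes combined-format access logs and that a legitimate SearchField value is a bare field name; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts named in the advisory's example URIs (compared case-insensitively).
AFFECTED_SCRIPTS = {
    "category_list.php",
    "copy_of_calendar_list.php",
    "customer_statistics_list.php",
    "customer_list.php",
    "task_statistics_list.php",
}

# Assumption: a legitimate SearchField value is a bare field name.
FIELD_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_search_fields(request_target):
    """Return decoded SearchField values that are not bare field names."""
    parts = urlsplit(request_target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    if script not in AFFECTED_SCRIPTS:
        return []
    # parse_qs percent-decodes once and keeps every repeated parameter.
    values = parse_qs(parts.query, keep_blank_values=True).get("SearchField", [])
    return [v for v in values if v and not FIELD_NAME.fullmatch(v)]


def scan(log_lines):
    """Return (line_number, offending_values) for each flagged log line."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match:
            bad = suspicious_search_fields(match.group(1))
            if bad:
                hits.append((number, bad))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /worldcalendar/customer_list.php?a=search&value=1&SearchFor=smith&SearchOption=Contains&SearchField=name HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /worldcalendar/customer_list.php?a=search&value=1&SearchFor=x&SearchOption=Contains&SearchField=name%27 HTTP/1.1" 500 0',
    '192.0.2.11 - - [01/Jan/2010:10:00:09 +0000] "GET /worldcalendar/task_statistics_list.php?a=search&SearchField=id&SearchField=id%20-- HTTP/1.1" 200 10',
    '192.0.2.12 - - [01/Jan/2010:10:00:12 +0000] "GET /worldcalendar/index.php?SearchField=name%27 HTTP/1.1" 200 10',
]
```

Access logs normally record only the query string, so a SearchField value sent in a POST body is not visible to this check.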


 

Copyright 2010, SecurityFocus