WebCalendar Multiple Module SQL Injection Vulnerabilities

The following proof of concept was provided:

http://www.example.com/webcalendar/view_m.php?id=additional sql command
http://www.example.com/webcalendar/login.php?user='additional%20sqlcommand
http://www.example.com/webcalendar/login.php?password='additional%20sql%20command


 

Privacy Statement
Copyright 2010, SecurityFocus