CVE-2014-10015 - SQL Injection vulnerability in PHPjabbers Event Booking Calendar 2.0

Summary

SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

Classification

CWE-89 - SQL Injection

Risk level (CVSS 7.5)

High

7.5

Access Vector

Network
Adjacent Network
Local

Access Complexity

Low
Medium
High

Authentication

None
Single
Multiple

Confident. Impact

Complete
Partial
None

Integrity Impact

Complete
Partial
None

Affected Products

Phpjabbers Event Booking Calendar 2.0

External references

http://packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt

Related CVE

Date	CVE	Title	CVSS
2015-01-13	CVE-2014-10014	Cross-Site Request Forgery (CSRF) vulnerability in PHPjabbers Event Booking Calendar 2.0	6.8