High

CVE-2014-10015 - SQL Injection vulnerability in PHPjabbers Event Booking Calendar 2.0

Publication: 2015-01-13

Summary

SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

Classification

CWE-89: SQL Injection

Risk level (CVSS 7.5)

High

7.5

Access Vector

Network
Adjacent Network
Local

Access Complexity

Low
Medium
High

Authentication

None
Single
Multiple

Confident. Impact

Complete
Partial
None

Integrity Impact

Complete
Partial
None

Affected Products

Phpjabbers Event Booking Calendar 2.0

References

http://packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt