EV0030.txt

Date: 21 Jan 2006 00:00:00
Reported by: Aliaksandr Hartsuyeu
Type: packetstorm
Source: packetstormsecurity.com

`New eVuln Advisory:  
Benders Calendar SQL Injection  
http://evuln.com/vulns/30/summary/bt/  
  
--------------------Summary----------------  
  
Software: Benders Calendar  
Software's Web Site: http://sourceforge.net/projects/benderscalendar/  
Versions: 1.0  
Critical Level: Harmless  
Type: SQL Injection  
Class: Remote  
Status: Unpatched  
Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
eVuln ID: EV0030  
  
-----------------Description---------------  
User-defined variables are not properly sanitized before being used in a SQL query. This can be used to run any SQL query by injecting arbitrary SQL code.  
  
Condition: gpc_magic_quotes: off  
  
--------------Exploit----------------------  
"Year" "Month" or "Day" value:  
  
999' union select 1,2,3,4,5,6/*  
  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit-----------------------  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
`
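
One way to handle the "Year", "Month" and "Day" values safely, as an added example that is not Benders Calendar's code or part of the advisory. The `events` table, `parse_date_params` and `events_on` are hypothetical, the year range is an assumed policy, and an in-memory SQLite database (pdo_sqlite) stands in for the application's database.

```php
<?php
// Added example; schema and function names are hypothetical.

// Accept Year/Month/Day only as in-range integers that form a real date.
function parse_date_params(array $in): ?array
{
    $int = fn($key, $min, $max) => filter_var($in[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    $year  = $int('Year', 1970, 2100);   // assumed policy range
    $month = $int('Month', 1, 12);
    $day   = $int('Day', 1, 31);
    if ($year === false || $month === false || $day === false
        || !checkdate($month, $day, $year)) {
        return null;   // non-numeric, out of range, or impossible date
    }
    return [$year, $month, $day];
}

function events_on(PDO $db, array $in): array
{
    $date = parse_date_params($in);
    if ($date === null) {
        return [];     // rejected input never reaches the database
    }
    // Placeholders keep the values out of the SQL text, so a quote in the
    // input cannot close a string literal, whatever magic quotes is set to.
    $stmt = $db->prepare(
        'SELECT id, title FROM events WHERE year = ? AND month = ? AND day = ?');
    $stmt->execute($date);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (id INTEGER PRIMARY KEY, year INT, month INT, day INT, title TEXT)');
$db->exec("INSERT INTO events (year, month, day, title) VALUES (2006, 1, 21, 'Team meeting')");

$ok  = events_on($db, ['Year' => '2006', 'Month' => '1', 'Day' => '21']);
// The string from the advisory's Exploit section, used here as a test input.
$bad = events_on($db, ['Year' => "999' union select 1,2,3,4,5,6/*", 'Month' => '1', 'Day' => '21']);

printf("valid date: %d row(s)\n", count($ok));
printf("advisory string: %d row(s)\n", count($bad));
```

Either control alone blocks the string from the advisory; using both means a later change to the validation does not reopen the query.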
