3 matches found
Exploit for SQL Injection in Wpbookingcalendar Booking_Calendar
Booking Calendar = 9.9 - Unauthenticated SQL Injection CVE-2...
CVE-2024-1207 Booking Calendar <= 9.9 - Unauthenticated SQL Injection
The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendarrequestparamsdatesddmmyycsv' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2024-1207
CVE-2024-1207 affects WP Booking Calendar for WordPress (versions up to 9.9). The vulnerability is an unauthenticated SQL Injection via the calendar_request_params[dates_ddmmyy_csv] parameter, caused by insufficient escaping and inadequate query preparation. Public disclosures (NVD and Red Hat) r...