Sql injection

Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the SearchField parameter in a search action to 1 categorylist.php, 2 Copyofcalendarlist.php, 3 customerstatisticslist.php, 4 customerlist.php, and 5...