Jigowatt PHP Event Calendar "year" SQL注入漏洞

Jigowatt PHP Event Calendar是一款日历WEB应用程序。 Jigowatt PHP Event Calendar calendar/dayview.php不正确过滤"year"参数数据，允许远程攻击者利用漏洞提交特制的SQL查询，操作或获取数据库数据。 0 Jigowatt PHP Event Calendar 2.x 目前没有详细解决方案： http://codecanyon.net/item/php-event-calendar/47723...

Jigowatt PHP Event Calendar - 'day_view.php' SQL Injection

source: https://www.securityfocus.com/bid/66923/info Jigowatt PHP Event Calendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, acces...