TITLE:
Plans "evt_id" SQL Injection Vulnerability
SECUNIA ADVISORY ID:
SA15854
RELEASE DATE:
2005-06-29
VERIFY ADVISORY:
http://secunia.com/advisories/15854/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data
WHERE:
From remote
SOFTWARE:
Plans 6.x
http://secunia.com/product/5021/
DESCRIPTION:
A vulnerability has been reported in Plans, which can be exploited by
malicious people to conduct SQL injection attacks.
Input passed to the "evt_id" parameter in "plans.cgi" isn't properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation requires that SQL database support has been
enabled in "plans_config.pl" (the default setting is flat files).
The vulnerability has been reported in version 6.7.1. Prior versions
may also be affected.
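The bug class described above, shown as an added illustration rather than code from Plans or from this advisory. Plans is a Perl CGI, but the example uses Python with an in-memory SQLite database so it runs stand-alone; the events table, its rows and the two injection payloads are constructed for the demo and are not Plans' real schema. Only the parameter name "evt_id" is taken from the advisory. The unsafe lookup concatenates the request value into the statement, which is the pattern the advisory describes; the hardened lookup validates against an integer allow-list and binds the value as a placeholder, so the same payloads are refused.

```python
import re
import sqlite3

# Constructed stand-in for an events table. Plans' real schema is not on the
# advisory page; only the parameter name "evt_id" is taken from it.
SAMPLE_EVENTS = [
    (1, "Team meeting", "public"),
    (2, "Board review", "private"),
    (3, "Payroll run", "private"),
]

# Allow-list for the parameter: a short decimal integer and nothing else.
EVT_ID_RE = re.compile(r"[0-9]{1,9}")

# Constructed payloads of the kind a tester would try against an unquoted
# numeric parameter. No quote character is needed because the vulnerable
# code splices the value in as a bare number.
PAYLOAD_DUMP_ALL = "1 OR 1=1"
PAYLOAD_UNION = (
    "0 UNION SELECT evt_id, visibility FROM events WHERE visibility = 'private'"
)


def make_db():
    """Create an in-memory SQLite database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE events (evt_id INTEGER PRIMARY KEY, title TEXT, visibility TEXT)"
    )
    conn.executemany("INSERT INTO events VALUES (?, ?, ?)", SAMPLE_EVENTS)
    conn.commit()
    return conn


def lookup_event_vulnerable(conn, evt_id):
    """UNSAFE: the request parameter is concatenated into the SQL text.

    Whatever the client sends as evt_id is parsed by the database as part of
    the statement, so "1 OR 1=1" turns a single-row lookup into a full dump
    and a UNION payload reads columns the page never meant to expose.
    """
    sql = "SELECT evt_id, title FROM events WHERE evt_id = " + evt_id
    return conn.execute(sql).fetchall()


def lookup_event_hardened(conn, evt_id):
    """SAFE: validate against the allow-list, then bind the value as a parameter.

    Either measure alone stops the payloads above; together they give defence
    in depth: the regex rejects junk before it reaches the database, and the
    placeholder guarantees the value can never alter the statement's structure.
    """
    if not EVT_ID_RE.fullmatch(evt_id):
        raise ValueError("evt_id must be a decimal integer")
    sql = "SELECT evt_id, title FROM events WHERE evt_id = ?"
    return conn.execute(sql, (int(evt_id),)).fetchall()


def hardened_rejects(conn, evt_id):
    """True if the hardened lookup refuses the value."""
    try:
        lookup_event_hardened(conn, evt_id)
    except ValueError:
        return True
    return False


def demo():
    """Run both lookups against a benign id and both payloads; return the results."""
    conn = make_db()
    return {
        "vuln_benign": lookup_event_vulnerable(conn, "1"),
        "vuln_dump_all": lookup_event_vulnerable(conn, PAYLOAD_DUMP_ALL),
        "vuln_union": lookup_event_vulnerable(conn, PAYLOAD_UNION),
        "safe_benign": lookup_event_hardened(conn, "1"),
        "safe_dump_all_rejected": hardened_rejects(conn, PAYLOAD_DUMP_ALL),
        "safe_union_rejected": hardened_rejects(conn, PAYLOAD_UNION),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:24} {value}")
```

The same fix maps directly onto Perl DBI, which Plans would use for its SQL backend: prepare the statement with a `?` placeholder and pass the validated value to `execute`, instead of interpolating the CGI parameter into the query string.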
SOLUTION:
Update to version 6.7.2.
http://www.planscalendar.com/index.php?p=download
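A triage check a responder might run over web-server access logs while an unpatched install is still reachable, added here as an example that is not part of the advisory: flag every request to plans.cgi whose evt_id value is not a plain integer. This assumes, as the parameter name suggests, that evt_id legitimately carries only a numeric event id; adjust the allow-list if a deployment uses another key format. The log lines, client addresses (RFC 5737 documentation ranges) and payloads are constructed; the parser reads Apache combined-style lines and only sees GET query strings, since POST bodies are not written to access logs.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache combined-style access-log lines; not from a real Plans host.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Jun/2005:10:01:02 +0000] "GET /cgi-bin/plans.cgi?evt_id=42 HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.9 - - [29/Jun/2005:10:01:07 +0000] "GET /cgi-bin/plans.cgi?evt_id=42%20OR%201%3D1 HTTP/1.1" 200 9871 "-" "Mozilla/5.0"
198.51.100.2 - - [29/Jun/2005:10:02:11 +0000] "GET /cgi-bin/plans.cgi?evt_id=0%20UNION%20SELECT%201,2%20--%20 HTTP/1.1" 500 311 "-" "curl/7.12"
198.51.100.7 - - [29/Jun/2005:10:03:00 +0000] "GET /cgi-bin/plans.cgi?cal_id=3 HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Jun/2005:10:03:30 +0000] "GET /cgi-bin/other.cgi?evt_id=x%27 HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

# Client address, timestamp, request line and status from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+" (?P<status>\d{3})'
)

# Assumption: a legitimate evt_id is a plain decimal integer.
NUMERIC_RE = re.compile(r"[0-9]+")


def suspicious_evt_id_requests(log_text):
    """Return one record per request to plans.cgi whose evt_id is not numeric.

    parse_qs percent-decodes the values, so the record shows the payload as the
    CGI would have seen it rather than as it appeared on the wire.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/plans.cgi"):
            continue  # only the script named in the advisory is of interest
        values = parse_qs(parts.query, keep_blank_values=True).get("evt_id", [])
        for value in values:
            if NUMERIC_RE.fullmatch(value):
                continue
            hits.append({
                "client": m.group("client"),
                "timestamp": m.group("ts"),
                "status": int(m.group("status")),
                "evt_id": value,
            })
    return hits


if __name__ == "__main__":
    for hit in suspicious_evt_id_requests(SAMPLE_LOG):
        print(f'{hit["client"]:15} {hit["status"]} evt_id={hit["evt_id"]!r}')
```

A 500 alongside a malformed evt_id is worth a closer look than a 200: it usually means the injected text reached the database and broke the query, which confirms that SQL support is enabled in plans_config.pl on that host.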
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
About:
This advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.