DEFTCODE( 2 )

GPG - 2048R/6D378CAF

CVE-2006-3094 – Calendarix 0.7.20060401 - Multiple SQL Injection

Vendor

http://www.calendarix.com/

Calendarix is a powerful and easy to use web-based calendar that runs on PHP and MySQL. It has been developed with ease of use and quick access to information in mind. It provides the user with the quickest possible navigation and accessing the most commonly used functions in the shortest steps.

Description

Multiple SQL Injection vulnerabilities in Calendarix Basic 0.7.20060401 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter in cal_event.php and cal_popup.php.

Error occured in cal_popup.php:

$id = $_GET['id'];

Error occured in cal_event.php:

$dquery = "delete from ".$EVENTS_TB." where id='$id'";

Proof of Concept

  1. http://example/[c_path]/cal_event.php?id=[SQL_INJECTION]
  2. http://example/[c_path]/cal_popup.php?id=[SQL_INJECTION]

References