PHP-Calendar Search.PHP SQL Injection Vulnerability

Bugtraq ID:	13405
Class:	Input Validation Error
CVE:	CVE-2005-1397
Remote:	Yes
Local:	No
Published:	Apr 27 2005 12:00AM
Updated:	Jul 12 2009 02:06PM
Credit:	This vulnerability was announced by the vendor.
Vulnerable:	PHP-Calendar PHP-Calendar 0.10 PHP-Calendar PHP-Calendar 0.9.1 PHP-Calendar PHP-Calendar 0.9 PHP-Calendar PHP-Calendar 0.8 PHP-Calendar PHP-Calendar 0.7 PHP-Calendar PHP-Calendar 0.6 PHP-Calendar PHP-Calendar 0.5 PHP-Calendar PHP-Calendar 0.4 PHP-Calendar PHP-Calendar 0.3 PHP-Calendar PHP-Calendar 0.2 PHP-Calendar PHP-Calendar 0.1
Not Vulnerable:	PHP-Calendar PHP-Calendar 0.10.3

PHP-Calendar Search.PHP SQL Injection Vulnerability

PHP-Calendar is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

The vendor has addressed this issue in PHP-Calendar 0.10.3; earlier versions are reported vulnerable.

PHP-Calendar Search.PHP SQL Injection Vulnerability

No exploit is required.

PHP-Calendar Search.PHP SQL Injection Vulnerability

Solution:
The vendor has addressed this issue in PHP-Calendar version 0.10.3.


PHP-Calendar PHP-Calendar 0.1

• PHP-Calendar php-calendar-0.10.3.tar.gz
  http://prdownloads.sourceforge.net/php-calendar/php-calendar-0.10.3.ta r.gz?download

PHP-Calendar PHP-Calendar 0.10

• PHP-Calendar php-calendar-0.10.3.tar.gz
  http://prdownloads.sourceforge.net/php-calendar/php-calendar-0.10.3.ta r.gz?download

PHP-Calendar PHP-Calendar 0.2

• PHP-Calendar php-calendar-0.10.3.tar.gz
  http://prdownloads.sourceforge.net/php-calendar/php-calendar-0.10.3.ta r.gz?download

PHP-Calendar PHP-Calendar 0.3

• PHP-Calendar php-calendar-0.10.3.tar.gz
  http://prdownloads.sourceforge.net/php-calendar/php-calendar-0.10.3.ta r.gz?download

PHP-Calendar PHP-Calendar 0.4

• PHP-Calendar php-calendar-0.10.3.tar.gz
  http://prdownloads.sourceforge.net/php-calendar/php-calendar-0.10.3.ta r.gz?download

PHP-Calendar PHP-Calendar 0.5

• PHP-Calendar php-calendar-0.10.3.tar.gz
  http://prdownloads.sourceforge.net/php-calendar/php-calendar-0.10.3.ta r.gz?download

PHP-Calendar PHP-Calendar 0.6

• PHP-Calendar php-calendar-0.10.3.tar.gz
  http://prdownloads.sourceforge.net/php-calendar/php-calendar-0.10.3.ta r.gz?download

PHP-Calendar PHP-Calendar 0.7

• PHP-Calendar php-calendar-0.10.3.tar.gz
  http://prdownloads.sourceforge.net/php-calendar/php-calendar-0.10.3.ta r.gz?download

PHP-Calendar PHP-Calendar 0.8

• PHP-Calendar php-calendar-0.10.3.tar.gz
  http://prdownloads.sourceforge.net/php-calendar/php-calendar-0.10.3.ta r.gz?download

PHP-Calendar PHP-Calendar 0.9

• PHP-Calendar php-calendar-0.10.3.tar.gz
  http://prdownloads.sourceforge.net/php-calendar/php-calendar-0.10.3.ta r.gz?download

PHP-Calendar PHP-Calendar 0.9.1

• PHP-Calendar php-calendar-0.10.3.tar.gz
  http://prdownloads.sourceforge.net/php-calendar/php-calendar-0.10.3.ta r.gz?download

PHP-Calendar Search.PHP SQL Injection Vulnerability

References:

• PHP-Calendar 0.10.3 Release Notes (PHP-Calendar)
  
• PHP-Calendar Homepage (PHP-Calendar)