Thyme Calendar Event_View.PHP SQL Injection Vulnerability

Bugtraq ID:	23912
Class:	Input Validation Error
CVE:	CVE-2007-2621
Remote:	Yes
Local:	No
Published:	May 09 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	Warlord is credited with the discovery of this vulnerability.
Vulnerable:	EXtrovert Software Thyme Calendar 1.3
Not Vulnerable:

Thyme Calendar Event_View.PHP SQL Injection Vulnerability

Thyme Calendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Thyme Calendar 1.3 is vulnerable; other versions may also be affected.

Thyme Calendar Event_View.PHP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

Thyme Calendar Event_View.PHP SQL Injection Vulnerability

Solution:
The vendor has released fixes to address this issue; please contact the vendor for details on obtaining and installing these fixes.

Thyme Calendar Event_View.PHP SQL Injection Vulnerability

References:

• Thyme Homepage (EXtrovert Software)
  
• Thyme Vulnerability - Thyme 1.x downloaded before 5-18-2007 (Thyme)