BID:30817

Calendarix Multiple SQL Injection Vulnerabilities

Info

Calendarix Multiple SQL Injection Vulnerabilities

Bugtraq ID:	30817
Class:	Input Validation Error
CVE:	CVE-2008-2429
Remote:	Yes
Local:	No
Published:	Aug 25 2008 12:00AM
Updated:	Aug 28 2008 09:54PM
Credit:	Secunia Research
Vulnerable:	Calendarix Calendarix 0.8.20071118

Not Vulnerable:	Calendarix Calendarix 0.8.20080808

Discussion

Calendarix Multiple SQL Injection Vulnerabilities

Calendarix is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Calendarix 0.8.20071118 is vulnerable; other versions may also be affected.

Exploit / POC

Calendarix Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

Solution / Fix

Calendarix Multiple SQL Injection Vulnerabilities

Solution:
These issues have been addressed in Calendarix 0.8.20080808. Please see the references for more information.

Calendarix Calendarix 0.8.20071118

Calendarix calendarix_0_8_20080808.zip
http://calendarix.com/release/calendarix_0_8_20080808.zip

References

Calendarix Multiple SQL Injection Vulnerabilities

References:

Basic Version Updates (Calendarix)
Calendarix Home Page (Calendarix)
Secunia Research: Calendarix Basic Two SQL Injection Vulnerabilities (Secunia Research)
Secunia Research: Calendarix Basic Two SQL Injection Vulnerabilities (Secunia Research )