[VIM] OSVDB 24021: 1WebCalendar viewEvent.cfm EventID Variable SQL Injection
jkouns
jkouns at opensecurityfoundation.org
Thu Jan 4 00:30:26 EST 2007
OSVDB-ID 24021
Comment Official Statement from Benson IT Solutions (1/3/2007)
WebCalendar v4 has been updated to include fixes that filter the url
numeric and date variables in question and prevent non-numeric and
non-date values from being passed to the SQL queries. This fixes the
problems with the pages in question.
http://www.bensonitsolutions.com/Calendar/v4/
---------------------
Guessing version 4.1 ?
More information about the VIM
mailing list