[VIM] OSVDB 24021: 1WebCalendar viewEvent.cfm EventID Variable SQL Injection

jkouns jkouns at opensecurityfoundation.org
Thu Jan 4 00:30:26 EST 2007


OSVDB-ID 24021
Comment	Official Statement from Benson IT Solutions (1/3/2007)
WebCalendar v4 has been updated to include fixes that filter the url 
numeric and date variables in question and prevent non-numeric and 
non-date values from being passed to the SQL queries. This fixes the 
problems with the pages in question. 
http://www.bensonitsolutions.com/Calendar/v4/

---------------------
Guessing version 4.1 ?


More information about the VIM mailing list