Vulnerabilities and security researches forcp-reservation-calendar cp-reservation-calendar

Jun 10, 2024

CVE, Research URL: CVE-2015-7235
Home page URL: Security reports for CP Reservation Calendar
Application: CP Reservation Calendar
Date: Sep 17, 2015
Research Description: Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI.
Affected versions: max 1.1.7.
Status: vulnerable