1 results (0.023 seconds)
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2015-7235 – CP Reservation Calendar < 1.1.7 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-7235
15 Sep 2015 — Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI. Múltiples vulnerabilidades de inyección SQL en dex_reservations.php en el plugin CP Reservation Calendar en versiones anteriores a 1.1.7 para WordPress,... • https://www.exploit-db.com/exploits/38187 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •