OSVDB ID: 85077

Title: Spider Calendar Lite Component for Joomla! index.php date Parameter SQL Injection

Info

Disclosure

Aug 30, 2012

Discovery

Unknown

Dates

Exploit

Aug 30, 2012

Solution

Unknown

Description

Spider Calendar Lite Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'date' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Web-Dorado

Spider Calendar Lite Component for Joomla!

1.4

References

Exploit Database: 20983
Secunia Advisory ID: 50457
Packet Storm: http://packetstormsecurity.org/files/116051/Joomla-Spider-Calendar-Lite-SQL-Injection.html
Vendor URL: http://web-dorado.com/products/spider-calendar-lite.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/85077