Strike ID:
E19-5pqk1
CVSS:
6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
False Positive:
t
Variants:
1
Year:
2018

Description

This strike exploits a sql injection vulnerability in WordPress Plugin Booking Calendar 8.4.3. The vulnerability is due to improper sanitization of the booking id parameter. By successfully exploiting this vulnerability, an authenticated attacker could perform sql injection on the target server.

CVE

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-%7B2018-20556%7D

References

https://support.ixiacom.com/%7B%7D

MSB

https://technet.microsoft.com/en-us/library/security/MS{}

BID

http://www.securityfocus.com/bid/{}

ExploitDB

http://www.exploit-db.com/exploits/{46377}

Secunia

http://secunia.com/advisories/{}

Security Tracker

http://securitytracker.com/id?%7B%7D

Metasploit

https://github.com/rapid7/metasploit-framework/blob/master/modules/{}

ZDI

http://www.zerodayinitiative.com/advisories/ZDI-{}

Google

https://code.google.com/p/google-security-research/issues/detail?id=%7B%7D

OSVDB

{}