Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin prior to 1.1.7 for WordPress allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cp reservation calender project cp reservation calender |