Published: 08/11/2021 Updated: 09/11/2021

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

PHP Event Calendar prior to 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely compromise the database system. It can also be used to bypass the login form.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kaysongroup php event calendar

PHP Event Calendar Lite Edition suffers from a remote SQL injection vulnerability that allows for authentication bypass ...

Full Disclosure mailing list archives   By Date By Thread </form>    [SYSS-2021-048] PHP Event Calendar - SQL Injection (CVE-2021-42077)  <!--X-Head-of-Message- ...

CWE-89 http://packetstormsecurity.com/files/164777/PHP-Event-Calendar-Lite-Edition-SQL-Injection.html https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-048.txt https://nvd.nist.gov https://packetstormsecurity.com/files/164777/PHP-Event-Calendar-Lite-Edition-SQL-Injection.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-42077

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect