CyberSec.Space Logo
Back to CVE Browser

CVE-2018-5315

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1200%
EPSS Percentile36.70th
PublishedJan 12, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.

Affected Platforms (CPE)

πŸ“¦
Wp Events Calendar Project

Wp Events Calendar

= 1.0

References & Advisories

πŸ”— http://packetstormsecurity.com/files/145833/WordPress-Events-Calendar-1.0-SQL-Injection.html
πŸ”— https://www.exploit-db.com/exploits/43479/
πŸ”— http://packetstormsecurity.com/files/145833/WordPress-Events-Calendar-1.0-SQL-Injection.html
πŸ”— https://www.exploit-db.com/exploits/43479/

Related Vulnerabilities

CVE-2008-467310.0

PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1...

CVE-2021-420779.8

PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter...

CVE-2018-63989.8

SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action.

CVE-2021-249439.8

The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send...