CVE-2015-2196

SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:web-dorado:spider_calendar:1.4.9:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 02:26

Type Values Removed Values Added
References () http://www.exploit-db.com/exploits/36061 - Exploit () http://www.exploit-db.com/exploits/36061 - Exploit

Information

Published : 2015-03-03 19:59

Updated : 2024-11-21 02:26


NVD link : CVE-2015-2196

Mitre link : CVE-2015-2196

CVE.ORG link : CVE-2015-2196


JSON object : View

Products Affected

web-dorado

  • spider_calendar
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')