CVE-2015-7235
published 2015-09-17CVE-2015-7235: Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to…
PriorityP351high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
4.82%
90.9th percentile
Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cp_reservation_calender_project | cp_reservation_calender | <= 1.1.6 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/changeset/1104099/cp-reservation-calendarhttps://wordpress.org/plugins/cp-reservation-calendar/changelog/https://wpvulndb.com/vulnerabilities/8193https://www.exploit-db.com/exploits/38187/https://plugins.trac.wordpress.org/changeset/1104099/cp-reservation-calendarhttps://wordpress.org/plugins/cp-reservation-calendar/changelog/https://wpvulndb.com/vulnerabilities/8193https://www.exploit-db.com/exploits/38187/
2015-09-17
Published