CVE-2015-7319
published 2015-09-29CVE-2015-7319: SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows…
PriorityP343high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
2.43%
82.2th percentile
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codepeople | appointment_booking_calendar | < 1.1.24 | 1.1.24 |
| codepeople | appointment_booking_calendar | <= 1.1.7 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8qwx-wmp7-5594: The appointment-booking-calendar plugin before 1
ghsa_unreviewed·2022-05-24·CVSS 7.5
CVE-2016-10916 [HIGH] CWE-89 GHSA-8qwx-wmp7-5594: The appointment-booking-calendar plugin before 1
The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
GHSA
GHSA-7hgg-3xq5-3f3h: SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list
ghsa_unreviewed·2022-05-14
CVE-2015-7319 [HIGH] CWE-89 GHSA-7hgg-3xq5-3f3h: SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/133757/WordPress-Appointment-Booking-Calendar-1.1.7-SQL-Injection.htmlhttp://www.securityfocus.com/archive/1/536555/100/0/threadedhttps://wordpress.org/plugins/appointment-booking-calendar/changelog/https://wpvulndb.com/vulnerabilities/8199http://packetstormsecurity.com/files/133757/WordPress-Appointment-Booking-Calendar-1.1.7-SQL-Injection.htmlhttp://www.securityfocus.com/archive/1/536555/100/0/threadedhttps://wordpress.org/plugins/appointment-booking-calendar/changelog/https://wpvulndb.com/vulnerabilities/8199
2015-09-29
Published