ThreatPress

WordPress Vulnerabilities Database

WordPress Booking Calendar Plugin 6.2 - SQL Injection

Product
Booking Calendar
Description
Booking Calendar Plugin before 6.2 is prone to an SQL injection vulnerability. Request parameters are not properly sanitized in the wpdev_get_args_from_request_in_bk_listing() function in booking/lib/wpdev-bk-lib.php (line 709). This allows remote attackers to view data from the database by luring the target user to a malicious website.
Solution
Update Booking Calendar Plugin to 6.2.1.
Classification
Type SQL Injection
OWASP Top 10 A1: Injection
References
SumOfPwn
Exploit DB
CVE
Name CVE-N/A
Versions
Affected In <= 6.2
Fixed In 6.2.1
Disclosure date
2016-07-14
Credits
Edwin Molenaar