← back
CVE-2015-7235

CVE-2015-7235

EPSS 4.8%
Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/38187/unverifiedexploitdbwww.exploit-db.com/exploits/38187unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://plugins.trac.wordpress.org/changeset/1104099/cp-reservation-calendarhttps://wordpress.org/plugins/cp-reservation-calendar/changelog/https://wpvulndb.com/vulnerabilities/8193https://www.exploit-db.com/exploits/38187/