CVE-2008-6104

Description

SQL injection vulnerability in A4Desk PHP Event Calendar allows remote attackers to execute arbitrary SQL commands via the eventid parameter to admin/index.php.

Affected products

• a4desk / a4desk_flash_event_calendar

References

• MISChttp://www.securityfocus.com/bid/33835
• VENDOR_ADVISORYhttp://secunia.com/advisories/32083
• MISChttp://packetstorm.linuxsecurity.com/0810-exploits/a4desk-sqldisclose.txt