CVE-2009-1316

Description

Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to events_view.php and the (2) id parameter to events_clndr_view.php.

Affected products

• abk-soft / ablespace1.0 – 1.0

References

• MISChttp://dsecrg.com/pages/vul/show.php?id=137
• MISChttp://www.securityfocus.com/bid/34512
• MISChttp://www.securityfocus.com/archive/1/502670/100/0/threaded
• VENDOR_ADVISORYhttp://secunia.com/advisories/34663
• EXPLOIThttps://www.exploit-db.com/exploits/8424