Vulnerability Details CVE-2015-7319
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/133757/WordPress-Appointment-Booking-Calendar-1.1.7-SQL-Injection.html
- http://www.securityfocus.com/archive/1/536555/100/0/threaded
- https://wordpress.org/plugins/appointment-booking-calendar/changelog/
- https://wpvulndb.com/vulnerabilities/8199
- http://packetstormsecurity.com/files/133757/WordPress-Appointment-Booking-Calendar-1.1.7-SQL-Injection.html
- http://www.securityfocus.com/archive/1/536555/100/0/threaded
- https://wordpress.org/plugins/appointment-booking-calendar/changelog/
- https://wpvulndb.com/vulnerabilities/8199
Products affected by CVE-2015-7319
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.0.1
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.3
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.4
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.6
-
cpe:2.3:a:codepeople:appointment_booking_calendar:1.1.7