Description
Multiple vulnerabilities have been discovered in Freelancer calendar, which can be exploited by malicious users to conduct SQL injection attacks.
Input passed via the "SearchField" parameter to category_list.php, Copy_of_calendar_list.php, customer_statistics_list.php, customer_list.php, and task_statistics_list.php (when "a" is set to "search", "SearchFor" is set, and "SearchOption" is set to "Contains") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerabilities are confirmed in version 1.01. Other versions may also be affected.
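The search handling described above, rewritten defensively as an added example (not Freelancer calendar's code). It assumes "SearchField" selects the column to search, which the advisory does not state; the `customers` table, the `SEARCHABLE` allowlist and `search_customers()` are hypothetical, and the demo data is constructed and needs the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: the only values SearchField may take.
const SEARCHABLE = ['name', 'email', 'city'];

// Assumed shape of the flawed pattern (comment only, not the application's source):
//   "... WHERE " . $_GET['SearchField'] . " LIKE '%" . $_GET['SearchFor'] . "%'"
function search_customers(PDO $pdo, array $req): array
{
    // Only the request shape named in the advisory is handled here.
    if (($req['a'] ?? '') !== 'search' || ($req['SearchOption'] ?? '') !== 'Contains') {
        return [];
    }
    $field = $req['SearchField'] ?? '';
    $term  = $req['SearchFor'] ?? '';
    // Identifiers cannot be bound as parameters, so compare against the allowlist.
    if (!is_string($field) || !is_string($term) || !in_array($field, SEARCHABLE, true)) {
        throw new InvalidArgumentException('SearchField is not a searchable column');
    }
    // Escape LIKE wildcards so the term is matched literally, then bind it.
    $like = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
    $stmt = $pdo->prepare(
        "SELECT id, name, email, city FROM customers WHERE $field LIKE :term ESCAPE '!'"
    );
    $stmt->execute([':term' => $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT, city TEXT)');
$pdo->exec("INSERT INTO customers (name, email, city) VALUES
    ('Ada', 'ada@example.test', 'Leeds'), ('Bob', 'bob@example.test', 'York')");

$ok = ['a' => 'search', 'SearchOption' => 'Contains', 'SearchField' => 'city', 'SearchFor' => 'eed'];
print_r(search_customers($pdo, $ok));           // one row: Ada

$bad = ['SearchField' => 'city, extra'] + $ok;  // anything outside the allowlist
try {
    search_customers($pdo, $bad);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```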