CVE-2011-5109
Description
Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the SearchField parameter in a search action to (1) category_list.php, (2) Copy_of_calendar_list.php, (3) customer_statistics_list.php, (4) customer_list.php, and (5) task_statistics_list.php in the worldcalendar directory.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Freelancer Calendar 1.01 - SQL Injection
------------------------------------------------------------------------
Freelancer calendar <= 1.01 SQL Injection Vulnerability
------------------------------------------------------------------------
author............: muuratsalo (Revshell.com)
contact...........: muuratsalo[at]gmail[dot]com
download..........: http://sourceforge.net/projects/freelancercal/
[0x01] Vulnerability overview:
Freelancer calendar <= 1.0.1 is affected by a SQL injection vulnerability.
Note - A registered account could be required to exploit the vulnerability.
[0x02] Disclosure timeline:
[16/11/2011] - SQL injection vulnerability discovered and reported to
the vendor.
[19/11/2011] - No response from the vendor, public disclosure.
[0x03] Proof of Concept:
http://localhost/worldcalendar/category_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL
injection]
http://localhost/worldcalendar/Copy_of_calendar_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL
injection]
http://localhost/worldcalendar/customer_statistics_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL
injection]
http://localhost/worldcalendar/customer_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL
injection]
http://localhost/worldcalendar/task_statistics_list.php?a=search&value=1&SearchFor=muuratsalo&SearchOption=Contains&SearchField=[SQL
injection]Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| john_geo | freelancer_calendar | {"endIncluding":"1.01"} | |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0305.html
- http://osvdb.org/77244
- http://osvdb.org/77245
- http://osvdb.org/77246
- http://osvdb.org/77247
- http://osvdb.org/77248
- http://secunia.com/advisories/46970
- http://www.exploit-db.com/exploits/18127
- http://www.securityfocus.com/archive/1/520573/100/0/threaded
- http://www.securityfocus.com/bid/50733
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71403
- http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0305.html
- http://osvdb.org/77244
- http://osvdb.org/77245
- http://osvdb.org/77246
- http://osvdb.org/77247
- http://osvdb.org/77248
- http://secunia.com/advisories/46970
- http://www.exploit-db.com/exploits/18127
- http://www.securityfocus.com/archive/1/520573/100/0/threaded
- http://www.securityfocus.com/bid/50733
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71403
CWEs
CWE-89
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.