Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Gigcalendar SQL注入漏洞
Vulnerability Description
gigCalendar是一个免费的为维护网站旅游日志的的Joomla! and Mambo组件。 Mambo和Joomla! GigCalendar (com_gigcal)组件中存在多个SQL注入漏洞,当magic_quotes_gpc被中止时,远程攻击者(1)可以借助对index.php的一个细节操作的gigcal _venues_id参数,且该参数没有经过venuedetails.php适当地处理,以执行任意SQL指令;(2)借助对index.php的一个细节操作中igcal_bands_id参数,
CVSS Information
N/A
Vulnerability Type
N/A