Security Advisory

CVE-2021-42077

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2021-11-08 04:01:18
Last updated: 2024-08-04 03:22:25
Assigner: mitre
State: PUBLISHED

Description

PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely compromise the database system. It can also be used to bypass the login form.