Intrusion Prevention

PHP.Orca.Ringmaker.SQL.Injection

Description

It indicates a attacker attempted an SQL Injection attack against Oracs Ringmaker. Ringmaker ItwCalendar contains a flaw that may allow an attacker to carry out SQL injection attacks. The flaw is in the "ringmaker.php" script that does not properly validate the "start" parameter. A successful exploit can allow an attacker to execute SQL queries against the database.

Affected Products

Orca Ringmaker 2.3 c

Impact

Disclosure or Modification of sensitive data.

Recommended Actions

Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.

CVE References

CVE-2005-3940