Intrusion Prevention

PHP.Codewalkers.ltwCalendar.id.Remote.SQL.Injection

Description

This indicates that an attacker attempted a SQL Injection attack against Codewalkers ItwCalendar.
ItwCalendar contains a flaw that may allow an attacker to carry out SQL injection attacks. The flaw is in the "calendar.php" script, which does not properly validate the "id" parameter. A successful exploit can allow an attacker to execute SQL queries against the database.

Affected Products

ltwCalendar ltwCalendar 4.1.3

Impact

System compromise: disclosure or modification of sensitive data.

Recommended Actions

Apply appropriate patch from the vendor or upgrade to non-vulnerable version if available.