CVE-2022-1006

Summary

The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks

Affected Software

VendorProductVersion RangeStatus
UnknownAdvanced Booking Calendar1.7.1 < 1.7.1affected

Weaknesses

  • CWE-89: CWE-89 SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References