Description - Authentication Bypass in Magic Calendar Lite
SQL Injection found in Magic Calendar Lite script.
- Exploit
- Available
- Solution
- Not available - check Reamday Enterprises website
Vulnerable script: cms/index.php
Variables $total_login $total_password are not properly sanitized before being used in a SQL query. This can be used to pass authorization or make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc - off
Order Source Code Analysis made by eVuln team
Prevent hacker attacks by source code review of your website or web application made by Aliaksandr Hartsuyeu.The order will be done by experts in website security.