phpScheduleIt <= 1.2.10 Multiple PHP Code Injection Vulnerabilities

Description:

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.

References:

CVE-2008-6132
BID-31520
EDB-6646

Disclosure Date:

October 1, 2008