CVE-2022-0694

CVE-2022-0694: Advanced Booking Calendar < 1.7.0 - Unauthenticated SQL Injection

Vendor Unknown

Product Advanced Booking Calendar

Weakness CWE-89 · SQLi

Published March 21, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users), leading to an unauthenticated SQL injection

Key dates

02Disclosure timeline

March 21, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0694 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-41373 SQL injection vulnerability in Gandia Integra Total CVE-2020-37226 Joomla J2 JOBS 1.3.0 Authenticated SQL Injection via sortby CVE-2026-27470 ZoneMinder: Second-Order SQL Injection in `getNearEvents()` via Stored Event Name and Cause Fields CVE-2025-11608 code-projects E-Banking System POST Parameter register.php sql injection CVE-2025-6293 code-projects Hostel Management System contact_manager.php sql injection