HTTP: Unwise Characters in URL
This signature detects "unwise" characters in a URL, as defined by RFC-2396, "Uniform Resource Identifiers (URI): Generic Syntax". These characters may be an indication that SQL injection or other malicious activity may be occurring. It could also be the result of improper or poor web application design. If you are seeing a large number of hits on this signature to confirmed benign web applications, you may need to exempt those web applications until those web applications can be corrected. This is not a false positive, as the web application is failing to adhere to RFC standards.
Extended Description
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.
Affected Products
Cp_multi_view_event_calendar_project cp_multi_view_event_calendar
Short Name
HTTP:AUDIT:UNWISE-CHAR
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2010-0678 CVE-2010-0795 CVE-2014-8586 CVE-2017-12500 Characters URL Unwise in
Release Date
10/11/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3723
False Positive
Frequently
Vendors
Cp_multi_view_event_calendar_project
CVSS Score
7.5
9.0
6.8