https://www.exploit-db.com/exploits/24382
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200408-135

MerakMailServer5.2.7版本中的calendar.html存在SQL注入漏洞。远程攻击者可以通过schedule参数执行任意SQL语句。

source: http://www.securityfocus.com/bid/10966/info
    
The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities.
    
The vulnerabilities reported are:
- Multiple cross-site scripting vulnerabilities
- An HTML injection vulnerability
- A PHP source code disclosure vulnerability
- An SQL injection vulnerability
    
These vulnerabilities are reported to exist in versions prior to 7.5.2.

/calendar.html?id=1'&schedule=[SQL]

来源:XF
名称:merak-calendarhtml-sql-injection(17022)
链接:http://xforce.iss.net/xforce/xfdb/17022
来源:BID
名称:10966
链接:http://www.securityfocus.com/bid/10966
来源:OSVDB
名称:9044
链接:http://www.osvdb.org/9044
来源:SECUNIA
名称:12269
链接:http://secunia.com/advisories/12269
来源:packetstormsecurity.nl
链接:http://packetstormsecurity.nl/0408-exploits/merak527.txt
来源:BUGTRAQ
名称:20040817VulnerabilitiesinMerakWebmailServer
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=109279057326044&w;=2
来源:SECTRACK
名称:1010969
链接:http://securitytracker.com/id?1010969