A vulnerability was found in dwbooster Booking Calendar Contact Form up to 1.0.23 and classified as critical . This affects an unknown function of the component Shortcode Handler . Executing a manipulation of the argument calendar can lead to sql injection. This vulnerability is handled as CVE-2016-20069 . The attack can be executed remotely. Additionally, an exploit exists.