Описание
SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2005-4011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27362
- http://ltwcalendar.sourceforge.net/changelog.php
- http://pridels0.blogspot.com/2005/11/codewalkers-ltwcalendar-4x-sql-inj.html
- http://secunia.com/advisories/17799
- http://securitytracker.com/id?1016364
- http://www.Silitix.com/calendar-cws.php
- http://www.attrition.org/pipermail/vim/2006-December/001154.html
- http://www.osvdb.org/21195
- http://www.osvdb.org/27539
- http://www.securityfocus.com/archive/1/438232/100/0/threaded
- http://www.securityfocus.com/archive/1/438580/100/0/threaded
- http://www.securityfocus.com/bid/15636
- http://www.securityfocus.com/bid/18593
- http://www.vupen.com/english/advisories/2005/2652
Связанные уязвимости
nvd
около 20 лет назад
SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.