Описание
SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie.
Ссылки
- PatchVendor Advisory
- ExploitPatchVendor Advisory
- PatchVendor Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:webcalendar:webcalendar:0.9.45:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00561
Низкий
6.4 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
ubuntu
больше 20 лет назад
SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie.
debian
больше 20 лет назад
SQL injection vulnerability in the user_valid_crypt function in user.p ...
github
больше 3 лет назад
SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie.
EPSS
Процентиль: 67%
0.00561
Низкий
6.4 Medium
CVSS2
Дефекты
NVD-CWE-Other