exploitDog

CVE-2005-4009

Опубликовано: 05 дек. 2005

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d) year.php.

Ссылки

http://pridels0.blogspot.com/2005/11/calendar-express-2-sql-inj-vuln.html
http://www.osvdb.org/21402
Exploit
http://www.osvdb.org/21403
Exploit
http://www.osvdb.org/21405
Exploit
http://pridels0.blogspot.com/2005/11/calendar-express-2-sql-inj-vuln.html
http://www.osvdb.org/21402
Exploit
http://www.osvdb.org/21403
Exploit
http://www.osvdb.org/21405
Exploit

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:php_lite:calendar_express:2.0:*:*:*:*:*:*:*

cpe:2.3:a:php_lite:calendar_express:2.2:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00603

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-hc75-g4hp-4wp6

github

почти 4 года назад

Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d) year.php.

EPSS

Процентиль: 69%

0.00603

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other