CVE-2005-4011

Опубликовано: 05 дек. 2005

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Ссылки

http://ltwcalendar.sourceforge.net/changelog.php
http://pridels0.blogspot.com/2005/11/codewalkers-ltwcalendar-4x-sql-inj.html
http://secunia.com/advisories/17799
Vendor Advisory
http://securitytracker.com/id?1016364
http://www.Silitix.com/calendar-cws.php
http://www.attrition.org/pipermail/vim/2006-December/001154.html
http://www.osvdb.org/21195
http://www.osvdb.org/27539
http://www.securityfocus.com/archive/1/438232/100/0/threaded
http://www.securityfocus.com/archive/1/438580/100/0/threaded
http://www.securityfocus.com/bid/15636
http://www.securityfocus.com/bid/18593
http://www.vupen.com/english/advisories/2005/2652
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/23312
https://exchange.xforce.ibmcloud.com/vulnerabilities/27362
http://ltwcalendar.sourceforge.net/changelog.php
http://pridels0.blogspot.com/2005/11/codewalkers-ltwcalendar-4x-sql-inj.html
http://secunia.com/advisories/17799
Vendor Advisory
http://securitytracker.com/id?1016364
http://www.Silitix.com/calendar-cws.php

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:codewalkers:ltwcalendar:*:*:*:*:*:*:*:*

Версия до 4.1.3 (включая)

EPSS

Процентиль: 82%

0.01817

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-w9rg-rxp3-7v7q

github

почти 4 года назад