Описание
Multiple SQL injection vulnerabilities in MultiCalendars allow remote attackers to execute arbitrary SQL commands via the (1) M or (2) Y parameter to rss_out.asp, or the (3) cate parameter to all_calendars.asp. NOTE: the all_calendars.asp/calsids vector is already covered by CVE-2006-2293.
Ссылки
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:expinion.net:multicalendars:*:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00487
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Multiple SQL injection vulnerabilities in MultiCalendars allow remote attackers to execute arbitrary SQL commands via the (1) M or (2) Y parameter to rss_out.asp, or the (3) cate parameter to all_calendars.asp. NOTE: the all_calendars.asp/calsids vector is already covered by CVE-2006-2293.
EPSS
Процентиль: 65%
0.00487
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other