Published: 05/12/2005 Updated: 19/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
codewalkers ltwcalendar

source: wwwsecurityfocuscom/bid/18593/info PHP Event Calendar is prone to an SQL-injection vulnerability This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit ...

CWE-89 http://secunia.com/advisories/17799 http://www.securityfocus.com/bid/15636 http://www.osvdb.org/21195 http://www.Silitix.com/calendar-cws.php http://ltwcalendar.sourceforge.net/changelog.php http://www.attrition.org/pipermail/vim/2006-December/001154.html http://www.securityfocus.com/bid/18593 http://www.osvdb.org/27539 http://securitytracker.com/id?1016364 http://pridels0.blogspot.com/2005/11/codewalkers-ltwcalendar-4x-sql-inj.html http://www.vupen.com/english/advisories/2005/2652 https://exchange.xforce.ibmcloud.com/vulnerabilities/27362 https://exchange.xforce.ibmcloud.com/vulnerabilities/23312 http://www.securityfocus.com/archive/1/438580/100/0/threaded http://www.securityfocus.com/archive/1/438232/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/28088/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-4011

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect