CVE-2007-3627

Published: 09/07/2007 Updated: 05/09/2008
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 765
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote malicious users to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Product

PHP Lite Calendar Express 2.2

Exploits

source: www.securityfocus.com/bid/14504/info

Calendar Express is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities ...