CVE-2005-3911 Information

Description

Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) category parameters.

Reference

http://pridels0.blogspot.com/2005/11/bosdates-v40-sql-vuln.html http://secunia.com/advisories/17752 http://www.osvdb.org/21173 http://www.securityfocus.com/bid/15632 http://www.vupen.com/english/advisories/2005/2632