CVE-2005-4011 Information
Description
SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2 4.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Reference
http://ltwcalendar.sourceforge.net/changelog.php http://pridels0.blogspot.com/2005/11/codewalkers-ltwcalendar-4x-sql-inj.html http://secunia.com/advisories/17799 http://securitytracker.com/id?1016364 http://www.attrition.org/pipermail/vim/2006-December/001154.html http://www.osvdb.org/21195 http://www.osvdb.org/27539 http://www.securityfocus.com/archive/1/438232/100/0/threaded http://www.securityfocus.com/archive/1/438580/100/0/threaded http://www.securityfocus.com/bid/15636 http://www.securityfocus.com/bid/18593 http://www.Silitix.com/calendar-cws.php http://www.vupen.com/english/advisories/2005/2652 https://exchange.xforce.ibmcloud.com/vulnerabilities/23312 https://exchange.xforce.ibmcloud.com/vulnerabilities/27362
Share on: