CVE-2006-1372 Information

Feb 14, 2021 cve

Description

Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm (2) NewsID parameter in newsView.cfm or (3) ThisDate parameter in mainCal.cfm.

Reference

http://pridels0.blogspot.com/2006/03/1webcalendar-v-4x-vuln.html http://secunia.com/advisories/19329 http://www.osvdb.org/24021 http://www.osvdb.org/24022 http://www.osvdb.org/24023 http://www.securityfocus.com/bid/17193 http://www.vupen.com/english/advisories/2006/1040 https://exchange.xforce.ibmcloud.com/vulnerabilities/25373

Share on: