CVE-2006-2797 Information

Description

Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php (b) day.php and (c) delCalendar.php; (2) ID parameter in (d) event.php; (3) AdminUserID parameter in (e) delAdmin.php; (4) EventLocationID parameter in (f) delAddress.php; and (5) LocationID parameter in (g) delCategory.php.

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/26648 https://www.exploit-db.com/exploits/1818