Vulnerabilities > CVE-2005-0474 - SQL-Injection vulnerability in Webcalendar 0.9.45
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | CGI abuses |
| NASL id | WEBCALENDAR_SQL2.NASL |
| description | The remote version of WebCalendar contains a SQL injection vulnerability that may allow an attacker to execute arbitrary SQL statements against the remote database. An attacker may be able to leverage this issue to, for example, delete arbitrary database tables. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 17142 |
| published | 2005-02-18 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/17142 |
| title | WebCalendar login.php webcalendar_session Cookie SQL Injection |