CVE-2005-1865 - Unspecified vulnerability in Vincent HOR Calendarix Advanced 1.5
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
vincent-hor
nessus
Summary
Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
NASL family | CGI abuses |
NASL id | CALENDARIX_SQL.NASL |
description | The remote host is running Calendarix, a PHP-based calendar system. The remote version of this software is prone to a remote file include vulnerability as well as multiple cross-site scripting and SQL injection vulnerabilities. Successful exploitation could result in execution of arbitrary PHP code on the remote site, a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18410 |
published | 2005-06-02 |
reporter | Copyright (C) 2005-2018 Josh Zlatin-Amishav |
source | https://www.tenable.com/plugins/nessus/18410 |
title | Calendarix Multiple Vulnerabilities (SQLi, XSS) |
References
- http://archives.neohapsis.com/archives/bugtraq/2005-05/0356.html
- http://www.osvdb.org/16971
- http://www.osvdb.org/16972
- http://www.osvdb.org/16974
- http://www.osvdb.org/16975
- http://securitytracker.com/alerts/2005/May/1014083.html
- http://secunia.com/advisories/15569
- http://www.calendarix.com/download_advanced.php
- http://www.calendarix.com/download_basic.php