Vulnerabilities > CVE-2005-4008 - SQL Injection vulnerability in JAX Calendar JAX Calendar 1.34

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

jax-calendar

NVD

Published: 2005-12-05

Updated: 2008-09-20

Summary

SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m parameters.

Vulnerable Configurations

Part	Description	Count
Application	Jax_Calendar JAX Calendar JAX Calendar 1.34	1

References

http://pridels0.blogspot.com/2005/11/jax-calendar-134-vuln.html
http://www.osvdb.org/21406
http://www.securityfocus.com/bid/16130