CVE-2006-0492 - SQL Injection vulnerability in Vincent HOR Calendarix 0.6.20050830
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: PARTIAL

Summary
Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php. NOTE: the catview vector might overlap CVE-2005-1865.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- http://secunia.com/advisories/18667
- http://securityreason.com/securityalert/394
- http://securitytracker.com/id?1015560
- http://www.evuln.com/vulns/52/summary.html
- http://www.osvdb.org/22810
- http://www.osvdb.org/22811
- http://www.securityfocus.com/archive/1/423656/100/0/threaded
- http://www.securityfocus.com/bid/16456
- http://www.vupen.com/english/advisories/2006/0365
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24332