Vulnerabilities > CVE-2006-0610 - Unspecified vulnerability in 2200Net Calendar 1.2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpc_magic_quotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the fm_data[id] parameter to calendar.php and (2) the $ad['acc'] variable in adminlogin.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/43943/EV0062.txt |
| id | PACKETSTORM:43943 |
| last seen | 2016-12-05 |
| published | 2006-02-17 |
| reporter | Aliaksandr Hartsuyeu |
| source | https://packetstormsecurity.com/files/43943/EV0062.txt.html |
| title | EV0062.txt |
References
- http://marc.info/?l=bugtraq&m=114003781801861&w=2
- http://marc.info/?l=bugtraq&m=114003781801861&w=2
- http://secunia.com/advisories/18781
- http://secunia.com/advisories/18781
- http://www.evuln.com/vulns/62/summary.html
- http://www.evuln.com/vulns/62/summary.html
- http://www.osvdb.org/23037
- http://www.osvdb.org/23037
- http://www.osvdb.org/23038
- http://www.osvdb.org/23038
- http://www.securityfocus.com/archive/1/425094/100/0/threaded
- http://www.securityfocus.com/archive/1/425094/100/0/threaded
- http://www.securityfocus.com/bid/16569
- http://www.securityfocus.com/bid/16569
- http://www.vupen.com/english/advisories/2006/0486
- http://www.vupen.com/english/advisories/2006/0486
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24484
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24484