CVE-2006-0610 - SQL Injection vulnerability in 2200Net Calendar 1.2
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpc_magic_quotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the fm_data[id] parameter to calendar.php and (2) the $ad['acc'] variable in adminlogin.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/43943/EV0062.txt |
id | PACKETSTORM:43943 |
last seen | 2016-12-05 |
published | 2006-02-17 |
reporter | Aliaksandr Hartsuyeu |
source | https://packetstormsecurity.com/files/43943/EV0062.txt.html |
title | EV0062.txt |
References
- http://marc.info/?l=bugtraq&m=114003781801861&w=2
- http://secunia.com/advisories/18781
- http://www.evuln.com/vulns/62/summary.html
- http://www.osvdb.org/23037
- http://www.osvdb.org/23038
- http://www.securityfocus.com/archive/1/425094/100/0/threaded
- http://www.securityfocus.com/bid/16569
- http://www.vupen.com/english/advisories/2006/0486
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24484