Vulnerabilities > CVE-2006-0673 - SQL Injection vulnerability in Reamday Enterprises Magic Calendar Lite 1.02

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
reamday-enterprises
exploit available

Summary

Multiple SQL injection vulnerabilities in cms/index.php in Magic Calendar Lite 1.02, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) $total_login and (2) $total_password parameter.

Vulnerable Configurations

Part Description Count
Application
Reamday_Enterprises
1

Exploit-Db

descriptionMagic Calendar Lite 1.02 Index.PHP SQL Injection Vulnerability. CVE-2006-0673. Webapps exploit for php platform
idEDB-ID:27251
last seen2016-02-03
modified2006-02-20
published2006-02-20
reporterAliaksandr Hartsuyeu
sourcehttps://www.exploit-db.com/download/27251/
titleMagic Calendar Lite 1.02 Index.PHP SQL Injection Vulnerability