Vulnerabilities > CVE-2006-4906 - SQL Injection vulnerability in Marc Logemann More.Groupware 0.74

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

marc-logemann

exploit available

NVD

Published: 2006-09-21

Updated: 2017-10-19

Summary

SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter.

Vulnerable Configurations

Part	Description	Count
Application	Marc_Logemann Marc Logemann More.Groupware 0.74	1

Exploit-Db

description	more.groupware <= 0.74 (new_calendarid) Remote SQL Injection Exploit. CVE-2006-4906. Webapps exploit for php platform
file	exploits/php/webapps/2394.php
id	EDB-ID:2394
last seen	2016-01-31
modified	2006-09-19
platform	php
port
published	2006-09-19
reporter	x128
source	https://www.exploit-db.com/download/2394/
title	more.groupware <= 0.74 new_calendarid Remote SQL Injection Exploit
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References