CVE-2007-3627 - SQL Injection vulnerability in PHP Lite Calendar Express 2.2

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, php-lite, nessus, exploit available

Summary

Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Configurations

Part: Application
Description: Php_Lite
Count: 1

Exploit-Db

  • description: PHP Lite Calendar Express 2.2 auth.php cid Parameter SQL Injection. CVE-2007-3627. Webapps exploit for php platform
    id: EDB-ID:26113
    last seen: 2016-02-03
    modified: 2005-08-08
    published: 2005-08-08
    reporter: almaster
    source: https://www.exploit-db.com/download/26113/
    title: PHP Lite Calendar Express 2.2 - auth.php cid Parameter SQL Injection
  • description: PHP Lite Calendar Express 2.2 subscribe.php cid Parameter SQL Injection. CVE-2007-3627. Webapps exploit for php platform
    id: EDB-ID:26114
    last seen: 2016-02-03
    modified: 2005-08-08
    published: 2005-08-08
    reporter: almaster
    source: https://www.exploit-db.com/download/26114/
    title: PHP Lite Calendar Express 2.2 subscribe.php cid Parameter SQL Injection
  • description: PHP Lite Calendar Express 2.2 login.php cid Parameter SQL Injection. CVE-2007-3627. Webapps exploit for php platform
    id: EDB-ID:26112
    last seen: 2016-02-03
    modified: 2005-08-08
    published: 2005-08-08
    reporter: almaster
    source: https://www.exploit-db.com/download/26112/
    title: PHP Lite Calendar Express 2.2 login.php cid Parameter SQL Injection

Nessus

NASL family: CGI abuses
NASL id: CALENDAR_EXPRESS_FLAWS.NASL
description: The remote host is using Calendar Express, a PHP web calendar. Vulnerabilities exist in this version that could allow an attacker to execute arbitrary HTML and script code in the context of the user
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19749
published: 2005-09-19
reporter: This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/19749
title: Calendar Express Multiple Vulnerabilities (SQLi, XSS)