Vulnerabilities > Expinion NET > Multicalendars

DATE CVE VULNERABILITY TITLE RISK
2006-11-20 CVE-2006-5977 SQL-Injection vulnerability in MultiCalendars
Multiple SQL injection vulnerabilities in MultiCalendars allow remote attackers to execute arbitrary SQL commands via the (1) M or (2) Y parameter to rss_out.asp, or the (3) cate parameter to all_calendars.asp.
network
low complexity
expinion-net
7.5
7.5
2006-05-10 CVE-2006-2293 SQL Injection vulnerability in Expinion.Net Multicalendars 3.0
SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 allows remote attackers to execute arbitrary SQL commands via the calsids parameter.
network
low complexity
expinion-net
6.4
6.4