Vulnerabilities > Webcalendar > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-04-25 | CVE-2008-1954 | SQL Injection vulnerability in Webcalendar web Calendar PRO 4.0 SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | 7.5 |
| 2007-03-08 | CVE-2007-1343 | Unspecified vulnerability in Webcalendar includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues. | 7.5 |
| 2005-12-04 | CVE-2005-3984 | SQL Injection vulnerability in Webcalendar 1.0.1 SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. | 7.5 |
| 2005-12-01 | CVE-2005-3949 | SQL Injection vulnerability in Webcalendar 1.0.1 Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_handler.php, (3) template parameter to edit_template.php, and (4) multiple parameters to export_handler.php. | 7.5 |
| 2005-08-29 | CVE-2005-2717 | Remote File Include vulnerability in Webcalendar 1.0.0 PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts. | 7.5 |
| 2005-07-19 | CVE-2005-2320 | Unspecified vulnerability in Webcalendar WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges. | 7.5 |
| 2004-12-31 | CVE-2004-1510 | Remote vulnerability in WebCalendar WebCalendar allows remote attackers to gain privileges by modifying critical parameters to (1) view_entry.php or (2) upcoming.php. | 7.5 |
| 2004-12-31 | CVE-2004-1508 | Remote vulnerability in WebCalendar init.php in WebCalendar allows remote attackers to execute arbitrary local PHP scripts via the user_inc parameter. | 7.5 |
| 2001-06-27 | CVE-2001-0477 | Remote Command Execution vulnerability in WebCalendar Vulnerability in WebCalendar 0.9.26 allows remote command execution. | 7.5 |