Back to search
CVE-2006-1372
Published: Mar 24, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://pridels0.blogspot.com/2006/03/1webcalendar-v-4x-vuln.html
x_refsource_MISC
1webcalendar-multiple-sql-injection(25373)
vdb-entry
x_refsource_XF
24023
vdb-entry
x_refsource_OSVDB
17193
vdb-entry
x_refsource_BID
19329
third-party-advisory
x_refsource_SECUNIA
ADV-2006-1040
vdb-entry
x_refsource_VUPEN
24021
vdb-entry
x_refsource_OSVDB
24022
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now