Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2880

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2880
Last Modified 05 Sep 2008 04:52:54
Published 14 Sep 2005 04:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2880

Summary

Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via the (1) login field in login.php or (2) LocationID parameter to week.php.

Vulnerable Systems

Application

  • Phpcommunitycalendar 4.0

  • Phpcommunitycalendar 4.0.1

  • Phpcommunitycalendar 4.0.3


References

XF - phpcommunitycalendar-week-sql-injection(22175)

BID - 14763

SECUNIA - 16721

MISC - http://rgod.altervista.org/phpccal.html

BUGTRAQ - 20050905 phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting


Last Updated: 27 May 2016 10:40:40