Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4011

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-4011
Last Modified 08 Aug 2011 12:00:00
Published 05 Dec 2005 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4011

Summary

SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Vulnerable Systems

Application

  • Codewalkers Ltwcalendar 4.1.3


References

XF - phpeventcalendar-calendar-sql-injection(27362)

XF - itwcalendar-calendar-sql-injection(23312)

VUPEN - ADV-2005-2652

MISC - http://www.Silitix.com/calendar-cws.php

BID - 18593

BID - 15636

BUGTRAQ - 20060627 Re: Calendar ( Provided by Codewalkers ) - SQL Injection

BUGTRAQ - 20060622 Calendar ( Provided by Codewalkers ) - SQL Injection

OSVDB - 27539

OSVDB - 21195

VIM - 20061201 ltwCalendar = PHP Event Calendar, and vendor ACK

SECTRACK - 1016364

SECUNIA - 17799

MISC - http://pridels0.blogspot.com/2005/11/codewalkers-ltwcalendar-4x-sql-inj.html

CONFIRM - http://ltwcalendar.sourceforge.net/changelog.php


Last Updated: 27 May 2016 10:41:08