5
CVE-2006-1372
- EPSS 1.74%
- Veröffentlicht 24.03.2006 02:02:00
- Zuletzt bearbeitet 16.06.2026 22:22:33
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Benson It Solutions ≫ 1webcalendar Version <= 4.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.74% | 0.748 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
http://pridels0.blogspot.com/2006/03/1webcalendar-v-4x-vuln.html
http://secunia.com/advisories/19329
http://www.osvdb.org/24021
http://www.osvdb.org/24022
http://www.osvdb.org/24023
http://www.securityfocus.com/bid/17193
http://www.vupen.com/english/advisories/2006/1040
https://exchange.xforce.ibmcloud.com/vulnerabilities/25373