Search...

CVE-2005-4011

2005-12-05T06:03:00

ID CVE-2005-4011
Type cve
Reporter NVD
Modified 2017-07-19T21:29:08

Description

SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

JSON Vulners Source

Initial Source

{"id": "CVE-2005-4011", "bulletinFamily": "NVD", "title": "CVE-2005-4011", "description": "SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.", "published": "2005-12-05T06:03:00", "modified": "2017-07-19T21:29:08", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4011", "reporter": "NVD", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/27362", "http://pridels0.blogspot.com/2005/11/codewalkers-ltwcalendar-4x-sql-inj.html", "http://ltwcalendar.sourceforge.net/changelog.php", "http://securitytracker.com/id?1016364", "http://www.securityfocus.com/bid/18593", "http://www.attrition.org/pipermail/vim/2006-December/001154.html", "http://www.securityfocus.com/archive/1/archive/1/438580/100/0/threaded", "https://exchange.xforce.ibmcloud.com/vulnerabilities/23312", "http://www.securityfocus.com/archive/1/archive/1/438232/100/0/threaded", "http://www.vupen.com/english/advisories/2005/2652", "http://www.securityfocus.com/bid/15636", "http://www.Silitix.com/calendar-cws.php"], "cvelist": ["CVE-2005-4011"], "type": "cve", "lastseen": "2017-07-20T10:48:57", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:codewalkers:ltwcalendar:4.1.3"], "cvelist": ["CVE-2005-4011"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.", "edition": 1, "enchantments": {}, "hash": "1b31b9ead86538e63efc8094fb5e11ff4f5b1c9522a70ae02e12cf56ffde0147", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "64cbc4ce7a70da1bf6ae8f9dcf56dc35", "key": "modified"}, {"hash": "2c6229907328bc45374eb0787e77085c", "key": "references"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "723994273b1492b9f25a1241eeac4077", "key": "cvelist"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "de28cd72cc17bfe8761e38076274f01e", "key": "published"}, {"hash": "444df2bbc1477571e8738e198b4a2204", "key": "cpe"}, {"hash": "fc3078f182fc8a82032cecf4def779a6", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6542d907cc841fd1901c06890638ca17", "key": "href"}, {"hash": "b3f4c0dea9ddcbe807caeceb0cab9fc7", "key": "description"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4011", "id": "CVE-2005-4011", "lastseen": "2016-09-03T06:05:18", "modified": "2011-08-08T00:00:00", "objectVersion": "1.2", "published": "2005-12-05T06:03:00", "references": ["http://pridels0.blogspot.com/2005/11/codewalkers-ltwcalendar-4x-sql-inj.html", "http://ltwcalendar.sourceforge.net/changelog.php", "http://securitytracker.com/id?1016364", "http://www.securityfocus.com/bid/18593", "http://www.attrition.org/pipermail/vim/2006-December/001154.html", "http://www.securityfocus.com/archive/1/archive/1/438580/100/0/threaded", "http://www.securityfocus.com/archive/1/archive/1/438232/100/0/threaded", "http://www.vupen.com/english/advisories/2005/2652", "http://www.securityfocus.com/bid/15636", "http://xforce.iss.net/xforce/xfdb/23312", "http://xforce.iss.net/xforce/xfdb/27362", "http://www.Silitix.com/calendar-cws.php"], "reporter": "NVD", "scanner": [], "title": "CVE-2005-4011", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T06:05:18"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "444df2bbc1477571e8738e198b4a2204"}, {"key": "cvelist", "hash": "723994273b1492b9f25a1241eeac4077"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "b3f4c0dea9ddcbe807caeceb0cab9fc7"}, {"key": "href", "hash": "6542d907cc841fd1901c06890638ca17"}, {"key": "modified", "hash": "c86f56381dea828d8cafeadbe7910291"}, {"key": "published", "hash": "de28cd72cc17bfe8761e38076274f01e"}, {"key": "references", "hash": "f59300e29faeb4c5c2a8a24357dc63e5"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "fc3078f182fc8a82032cecf4def779a6"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "5864cff4de9b3341a542fd873828bcf51de1dbd17aef79ad2fbc724754c554bf", "viewCount": 0, "enchantments": {"vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:codewalkers:ltwcalendar:4.1.3"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"result": {"exploitdb": [{"id": "EDB-ID:28088", "type": "exploitdb", "title": "PHP Event Calendar 4.2 - SQL Injection Vulnerability", "description": "PHP Event Calendar 4.2 SQL Injection Vulnerability. CVE-2005-4011. Webapps exploit for php platform", "published": "2006-06-22T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/28088/", "cvelist": ["CVE-2005-4011"], "lastseen": "2016-02-03T07:24:00"}], "osvdb": [{"id": "OSVDB:21195", "type": "osvdb", "title": "ltwCalendar calendar.php id Variable SQL Injection", "description": "## Vulnerability Description\nItwCalendar contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the calendar.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 4.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nItwCalendar contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the calendar.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\n/calendar.php?display=event&id=[SQL]\n## References:\nVendor URL: http://calendar.codewalkers.com/\nVendor Specific News/Changelog Entry: http://ltwcalendar.sourceforge.net/changelog.php\n[Secunia Advisory ID:17799](https://secuniaresearch.flexerasoftware.com/advisories/17799/)\nOther Advisory URL: http://pridels.blogspot.com/2005/11/codewalkers-ltwcalendar-4x-sql-inj.html\nMail List Post: http://attrition.org/pipermail/vim/2006-December/001154.html\nISS X-Force ID: 23312\n[CVE-2005-4011](https://vulners.com/cve/CVE-2005-4011)\n", "published": "2005-11-29T10:19:48", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:21195", "cvelist": ["CVE-2005-4011"], "lastseen": "2017-04-28T13:20:18"}, {"id": "OSVDB:27539", "type": "osvdb", "title": "Codewalkers PHP Event Calendar calendar.php id Variable SQL Injection", "description": "## Vulnerability Description\nPHP Event Calendar contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'calendar.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 4.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nPHP Event Calendar contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'calendar.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\n/calendar.php?display=event&id=[SQL]\n## References:\nVendor URL: http://calendar.codewalkers.com/\nSecurity Tracker: 1016364\n[Secunia Advisory ID:17799](https://secuniaresearch.flexerasoftware.com/advisories/17799/)\nOther Advisory URL: http://pridels.blogspot.com/2005...kers-ltwcalendar-4x-sql-inj.html\nOther Advisory URL: http://www.Silitix.com/calendar-cws.php\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0503.html\nKeyword: ltwCalendar\nISS X-Force ID: 27362\nISS X-Force ID: 23312\n[CVE-2006-3248](https://vulners.com/cve/CVE-2006-3248)\n[CVE-2005-4011](https://vulners.com/cve/CVE-2005-4011)\nBugtraq ID: 18593\n", "published": "2005-11-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:27539", "cvelist": ["CVE-2006-3248", "CVE-2005-4011"], "lastseen": "2017-04-28T13:20:24"}]}}