SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request.
[
{
"vendor": "Thinkingreed Inc.",
"product": "OSS Calendar",
"versions": [
{
"version": "prior to v.2.0.3",
"status": "affected"
}
]
}
]