CVE-2016-20069

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

CVE-2016-20069 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

EUVD-2016-10881

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

PT-2026-49207

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

EUVD-2007-4926

Malware in sbrugna...

EUVD-2006-0175

Malware in sbrugna...

EUVD-2005-3022

Malware in sbrugna...

CVE-2022-0694

The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abcbookinggetSingleCalendar AJAX action available to both unauthenticated and authenticated users, leading to an unauthenticated SQL injection...

Invision Power Services IPS Community Suite Cross-Site Scripting Vulnerability

Invision Power Services IPS Community Suite is a PHP and MySQL based Web forum program from Invision Power Services, Inc. A cross-site scripting vulnerability in version 4.x prior to Invision Power Services IPS Community Suite 4.0.12.1 allows remote, authenticated users to submit a calendar //...

MyPhPim calendar.php3 cal_id Parameter SQL Injection - Ver2 (CVE-2006-0167)

An SQL injection vulnerability has been reported in MyPhPim. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVE-2009-3856

Cross-site scripting XSS vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. NOTE: some of these details are obtained from third party information...

CVE-2009-3856

Cross-site scripting XSS vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. NOTE: some of these details are obtained from third party information...

CVE-2006-3909

Cross-site scripting XSS vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via 1 the day parameter in calendar.php and 2 the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained...

CVE-2004-0275

SQL injection vulnerability in calendardownload.php in BosDates 3.2 and earlier allows remote attackers to obtain sensitive information and gain access via the calendar parameter...