2 matches found
CVE-2006-0610
Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpcmagicquotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via 1 the fmdataid parameter to calendar.php and 2 the $ad'acc' variable in adminlogin.php...
CVE-2006-0610
The CVE-2006-0610 entry relates to the 2200net Calendar system (version 1.2). Two vulnerable vectors are identified: (1) calendar.php where fm_data[id] can be injected to modify SQL queries, and (2) adminlogin.php where $ad['acc'] can be manipulated. Affected condition: magic_quotes_gpc must be o...