4 matches found
CVE-2006-2973
CVE-2006-2973 involves multiple SQL injection vulnerabilities in month.php of PHP Lite Calendar Express 2.2 . The issue allows remote attackers to execute arbitrary SQL commands via the (1) and (2) parameters, potentially affecting the application’s database through the affected page. The CVSS ...
CVE-2007-3627
CVE-2007-3627 concerns PHP Lite Calendar Express 2.2 with multiple SQL injection flaws exploitable via the cid parameter in login.php, auth.php, and subscribe.php. The vulnerability allows remote attackers to inject arbitrary SQL commands. The note states that month.php, year.php, week.php, and d...
CVE-2005-4009
Summary of confirmed issues (CVE-2005-4009, CVE-2007-3627, related CVEs): PHP Lite Calendar Express 2.2 and earlier contain multiple SQL injection vulnerabilities. The CVE-2005-4009 entries describe injection via the cid and catid parameters to day.php, week.php, month.php, and year.php. The CVE-...
CVE-2006-1401
CVE-2006-1401 affects Calendar Express 2.2. The issue is multiple XSS in search.php exploitable via the allwords and oneword parameters, allowing remote script/HTML injection. The connected documents confirm the affected component and vulnerability class but do not provide explicit exploit detail...