Vincent Hor » Calendarix » 0.6.2005-08-30 : Security Vulnerabilities, CVEs
PHP remote file inclusion vulnerability in cal_config.inc.php in Calendarix 0.7.20060401 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the calpath parameter. NOTE: this issue has been disputed by a third party, who says that the affected $calpath variable is set to a constant value in the beginning of the script. CVE concurs that the initial report is invalid.
Max CVSS: 7.5 | EPSS Score: 4.32% | Published: 2006-08-14 | Updated: 2024-04-11
Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter.
Max CVSS: 2.6 | EPSS Score: 0.99% | Published: 2006-04-19 | Updated: 2018-10-18
Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php. NOTE: the catview vector might overlap CVE-2005-1865.
Max CVSS: 7.5 | EPSS Score: 1.21% | Published: 2006-02-01 | Updated: 2018-10-19
3 vulnerabilities found