Vincent Hor » Calendarix » 0.6.2005-08-30 : Security Vulnerabilities, CVEs,

cpe:2.3:a:vincent_hor:calendarix:0.6.2005-08-30:*:*:*:*:*:*:*

CVE-2006-4135

PHP remote file inclusion vulnerability in cal_config.inc.php in Calendarix 0.7.20060401 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the calpath parameter. NOTE: this issue has been disputed by a third party, who says that the affected $calpath variable is set to a constant value in the beginning of the script. CVE concurs that the initial report is invalid
Max CVSS
7.5
EPSS Score
4.32%
Published
2006-08-14
Updated
2024-04-11

CVE-2006-1835

Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter.
Max CVSS
2.6
EPSS Score
0.99%
Published
2006-04-19
Updated
2018-10-18

CVE-2006-0492

Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php. NOTE: the catview vector might overlap CVE-2005-1865.
Max CVSS
7.5
EPSS Score
1.21%
Published
2006-02-01
Updated
2018-10-19
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close