Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c.
References
Configurations
Information
Published : 2006-06-12 15:02
Updated : 2018-10-18 09:45
NVD link : CVE-2006-2973
Mitre link : CVE-2006-2973
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
php_lite
- calendar_express