Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Codewalkers Subscribe
Filtered by product Ltwcalendar
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-4011 1 Codewalkers 1 Ltwcalendar 2018-10-19 7.5 HIGH N/A
SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-3041 1 Codewalkers 1 Ltwcalendar 2018-10-18 7.5 HIGH N/A
** DISPUTED ** PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter. NOTE: CVE disputes this claim, since the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an include() statement.
CVE-2006-6228 1 Codewalkers 1 Ltwcalendar 2008-09-05 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
CVE-2006-6229 1 Codewalkers 1 Ltwcalendar 2008-09-05 5.0 MEDIUM N/A
Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file.