CVE-2006-0673

Name of the Vulnerable Software and Affected Versions Magic Calendar Lite version 1.02

Description The issue concerns SQL injection vulnerabilities in the cms/index.php file. These vulnerabilities allow remote attackers to execute arbitrary SQL commands when magic quotes gpc is disabled. The vulnerable parameters are total login and total password.

Recommendations For Magic Calendar Lite version 1.02, consider disabling the execution of SQL commands via the total login and total password parameters until a patch is available. Restrict access to the cms/index.php file to minimize the risk of exploitation. Avoid using the total login and total password parameters in the affected API endpoint until the issue is resolved. Enable magic quotes gpc to prevent SQL injection attacks.