CVE-2006-6030

Name of the Vulnerable Software and Affected Versions E-Calendar Pro version 3.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the username and passwd fields in the "admin/default.asp" API endpoint, or through the Event Title, Location, or Description fields when making a search engine query in the "search.asp" API endpoint.

Recommendations For E-Calendar Pro version 3.0, consider restricting access to the "admin/default.asp" and "search.asp" API endpoints until a patch is available. As a temporary workaround, avoid using the username and passwd fields in "admin/default.asp", and the Event Title, Location, or Description fields in "search.asp" to minimize the risk of exploitation.