PT-2005-2477 · Aaron · Aaron Outpost Asp Inline Corporate Calendar

Zinho

Published

2005-05-11

Updated

2017-07-11

CVE-2005-1481

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Aaron Outpost ASP Inline Corporate Calendar (affected versions not specified)

Description: The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved by manipulating the Event ID parameter in specific API endpoints, such as "/defer.asp" or "/details.asp".

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1481

Affected Products

Aaron Outpost Asp Inline Corporate Calendar

PT-2005-2477 · Aaron · Aaron Outpost Asp Inline Corporate Calendar

CVE-2005-1481

Related Identifiers

Affected Products

References · 7