CVE-2005-1865

Name of the Vulnerable Software and Affected Versions Calendarix Advanced version 1.5

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the catview parameter to API endpoints such as "/cal week.php", "/cal cat.php", or "/cal day.php", or the id parameter to "/cal pophols.php".

Recommendations For Calendarix Advanced version 1.5, consider restricting access to the catview parameter in the affected API endpoints and the id parameter in "/cal pophols.php" until a patch is available. As a temporary workaround, avoid using these parameters in the specified endpoints to minimize the risk of exploitation.