CVE-2005-3949

Name of the Vulnerable Software and Affected Versions WebCalendar version 1.0.1

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in several parameters, including the startid parameter to "activity log.php" and "admin handler.php", the template parameter to "edit template.php", and multiple parameters to "export handler.php".

Recommendations For WebCalendar version 1.0.1, avoid using the startid parameter in "activity log.php" and "admin handler.php", the template parameter in "edit template.php", and restrict access to "export handler.php" until a fix is available. Consider temporarily disabling the execution of SQL commands from these parameters as a quick mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.