PT-2008-3898 · Vincent Hor+1 · Calendarix Advanced+1

Published: 2008-11-26 · Updated: 2008-11-26 · CVE-2008-2429

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php. NOTE: vector 1 might overlap CVE-2007-3183.3, and vector 2 might overlap CVE-2005-1865.2.

Fix

RCE

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2008-2429

Affected Products

Calendarix Advanced
Basic