SQL Injection Vulnerabilities in PHP Lite Calendar Express 2.2 and Earlier

SQL Injection Vulnerabilities in PHP Lite Calendar Express 2.2 and Earlier

CVE-2005-4009 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d) year.php.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.