CyberSec.Space Logo
CVEブラウザに戻る

CVE-2005-4011

HIGH
7.5
CVSS Severity Score
EPSS Score0.1570%
EPSS Percentile1.34th
Published2005年12月5日
Last Modified2026年4月16日

Vulnerability Description

SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected Platforms (CPE)

📦
Codewalkers

Ltwcalendar

<= 4.1.3

References & Advisories

🔗 http://ltwcalendar.sourceforge.net/changelog.php
🔗 http://pridels0.blogspot.com/2005/11/codewalkers-ltwcalendar-4x-sql-inj.html
🔗 http://secunia.com/advisories/17799
🔗 http://securitytracker.com/id?1016364
🔗 http://www.Silitix.com/calendar-cws.php
🔗 http://www.attrition.org/pipermail/vim/2006-December/001154.html
🔗 http://www.osvdb.org/21195
🔗 http://www.osvdb.org/27539

関連する脆弱性情報

CVE-2006-30417.5

PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to ex...

CVE-2006-62286.8

Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers ...

CVE-2006-62295.0

Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct ...

CVE-2005-266810.0

Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before...