Expinion.net » Multicalendars : Security Vulnerabilities, CVEs,
Multiple SQL injection vulnerabilities in MultiCalendars allow remote attackers to execute arbitrary SQL commands via the (1) M or (2) Y parameter to rss_out.asp, or the (3) cate parameter to all_calendars.asp. NOTE: the all_calendars.asp/calsids vector is already covered by CVE-2006-2293.
Max CVSS
7.5
EPSS Score
0.20%
Published
2006-11-20
Updated
2018-10-17
SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 allows remote attackers to execute arbitrary SQL commands via the calsids parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Max CVSS
6.4
EPSS Score
0.65%
Published
2006-05-10
Updated
2017-07-20
2 vulnerabilities found