CVE-2006-0252 - SQL injection vulnerability in Benders Calendar 1.0 allows remote attackers to execute arbitrary SQL

CVE-2006-0252

Summary

SQL injection vulnerability in Benders Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters.

References

http://evuln.com/vulns/30/summary.html
http://secunia.com/advisories/18462
http://securitytracker.com/id?1015491
http://www.osvdb.org/22449
http://www.securityfocus.com/archive/1/422052/100/0/threaded
http://www.securityfocus.com/bid/16242
http://www.vupen.com/english/advisories/2006/0190
https://exchange.xforce.ibmcloud.com/vulnerabilities/24120

Vulnerable Configurations

cpe:2.3:a:benders_calendar:benders_calendar:*:*:*:*:*:*:*:*
cpe:2.3:a:benders_calendar:benders_calendar:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 19-10-2018 - 15:43)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	16242
bugtraq	20060115 [eVuln] Benders Calendar SQL Injection
misc	http://evuln.com/vulns/30/summary.html
osvdb	22449
sectrack	1015491
secunia	18462
vupen	ADV-2006-0190
xf	benderscalendar-sql-injection(24120)

Last major update

19-10-2018 - 15:43

Published

18-01-2006 - 01:51

Last modified

19-10-2018 - 15:43