Vulnerability Description
SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. NOTE: the startid/activity_log.php vector is already covered by CVE-2005-3949.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webcalendar | Webcalendar | 1.0.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/17848PatchVendor Advisory
- http://vd.lwang.org/webcalendar_multiple_vulns.txtVendor Advisory
- http://www.osvdb.org/21382
- http://www.securityfocus.com/archive/1/418286/100/0/threaded
- http://www.vupen.com/english/advisories/2005/2702Vendor Advisory
- http://secunia.com/advisories/17848PatchVendor Advisory
- http://vd.lwang.org/webcalendar_multiple_vulns.txtVendor Advisory
- http://www.osvdb.org/21382
- http://www.securityfocus.com/archive/1/418286/100/0/threaded
- http://www.vupen.com/english/advisories/2005/2702Vendor Advisory
FAQ
What is CVE-2005-3984?
CVE-2005-3984 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. NOTE: the startid/activity_log.php ...
How severe is CVE-2005-3984?
CVE-2005-3984 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3984?
Check the references section above for vendor advisories and patch information. Affected products include: Webcalendar Webcalendar.