Vulnerability Description
SQL injection vulnerability in Benders Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Benders Calendar | Benders Calendar | <= 1.0 |
References
- http://evuln.com/vulns/30/summary.html (Exploit, Vendor Advisory)
- http://secunia.com/advisories/18462 (Vendor Advisory)
- http://securitytracker.com/id?1015491 (Exploit, Vendor Advisory)
- http://www.osvdb.org/22449
- http://www.securityfocus.com/archive/1/422052/100/0/threaded
- http://www.securityfocus.com/bid/16242 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/0190
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24120
FAQ
What is CVE-2006-0252?
CVE-2006-0252 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in Benders Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameter...
How severe is CVE-2006-0252?
CVE-2006-0252 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-0252?
Check the references section above for vendor advisories and patch information. Affected products include: Benders Calendar (versions <= 1.0).