CVE-2007-3183
Published 2007-06-26
Priority P339 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.50% (90.3th percentile)
Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters to calendar.php and the (3) search string to cal_search.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| calendarix | basic | — | — |
| vincent_hor | calendarix | — | — |
GHSA
GHSA-w6rg-8v6j-5336: Multiple SQL injection vulnerabilities in Calendarix 0
ghsa_unreviewed·2022-05-01
CVE-2007-3183 [MEDIUM] GHSA-w6rg-8v6j-5336: Multiple SQL injection vulnerabilities in Calendarix 0
GHSA
GHSA-5vx8-cj8m-h5g8: Multiple SQL injection vulnerabilities in Calendarix Basic 0
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2008-2429 [HIGH] CWE-89 GHSA-5vx8-cj8m-h5g8: Multiple SQL injection vulnerabilities in Calendarix Basic 0
Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php. NOTE: vector 1 might overlap CVE-2007-3183.3, and vector 2 might overlap CVE-2005-1865.2.
References
http://osvdb.org/35694
http://secunia.com/advisories/25795
http://securityreason.com/securityalert/2837
http://www.netvigilance.com/advisory0038
http://www.osvdb.org/35373
http://www.securityfocus.com/archive/1/472221/100/0/threaded
http://www.securityfocus.com/bid/24633
http://www.securitytracker.com/id?1018287
http://www.vupen.com/english/advisories/2007/2324
https://exchange.xforce.ibmcloud.com/vulnerabilities/35046