CVE-2009-1945
published 2009-06-05CVE-2009-1945: SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.01%
58.6th percentile
SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 2.6.35 < 5.4.301 | 5.4.301 |
| linux | linux_kernel | >= 5.11.0 < 5.15.195 | 5.15.195 |
| linux | linux_kernel | >= 5.16.0 < 6.1.156 | 6.1.156 |
| linux | linux_kernel | >= 5.5.0 < 5.10.246 | 5.10.246 |
| linux | linux_kernel | >= 6.13.0 < 6.16.11 | 6.16.11 |
| linux | linux_kernel | >= 6.17.0 < 6.17.1 | 6.17.1 |
| linux | linux_kernel | >= 6.2.0 < 6.6.110 | 6.6.110 |
| linux | linux_kernel | >= 6.7.0 < 6.12.51 | 6.12.51 |
| tzo | webcal | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
media: rc: fix races with imon_disconnect()
osv·2025-10-15
CVE-2025-39993 media: rc: fix races with imon_disconnect()
media: rc: fix races with imon_disconnect()
In the Linux kernel, the following vulnerability has been resolved:
media: rc: fix races with imon_disconnect()
Syzbot reports a KASAN issue as below:
BUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]
BUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627
Read of size 4 at addr ffff8880256fb000 by task syz-executor314/4465
CPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:317 [inline]
print_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433
kasan_repo
GHSA
GHSA-pgw9-5whm-4494: SQL injection vulnerability in webCal3_detail
ghsa_unreviewed·2022-05-02
CVE-2009-1945 [HIGH] CWE-89 GHSA-pgw9-5whm-4494: SQL injection vulnerability in webCal3_detail
SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
No detection rules found.
No writeups or analysis indexed.
2009-06-05
Published