cbcvebase.

Codewalkers Ltwcalendar vulnerabilities

4 known vulnerabilities affecting codewalkers/ltwcalendar.

Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2005-4011P3HIGHCVSS 7.5PoC≤ 4.1.32005-12-05
CVE-2005-4011 [HIGH] CWE-89 CVE-2005-4011: SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
nvd
CVE-2006-3041P4HIGHCVSS 7.5v4.1.32006-06-15
CVE-2006-3041 [HIGH] CVE-2006-3041: PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter. NOTE: CVE disputes this claim, since the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an inc
nvd
CVE-2006-6228P4MEDIUMCVSS 6.8v4.1.3v4.22006-12-02
CVE-2006-6228 [MEDIUM] CVE-2006-6228: Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
nvd
CVE-2006-6229P4MEDIUMCVSS 5.0v4.1.3v4.22006-12-02
CVE-2006-6229 [MEDIUM] CVE-2006-6229: Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might all Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file.
nvd
Codewalkers Ltwcalendar vulnerabilities | cvebase