Calendar Express Multiple Flaws Network Vulnerability

Summary

The remote web server contains a PHP script which is vulnerable to a cross site scripting and SQL injection vulnerability. Description : The remote host is using Calendar Express, a PHP web calendar. A vulnerability exists in this version which may allow an attacker to execute arbitrary HTML and script code in the context of the user's browser, and SQL injection. An attacker may exploit these flaws to use the remote host to perform attacks against third-party users, or to execute arbitrary SQL statements on the remote SQL database.

Solution

Upgrade to the latest version of this software.

Severity

Classification

CVE CVE-2007-3627
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities

Take action and discover your vulnerabilities