Unrated severityNVD Advisory· Published Dec 1, 2005· Updated Apr 16, 2026
CVE-2005-3949
CVE-2005-3949
Description
Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_handler.php, (3) template parameter to edit_template.php, and (4) multiple parameters to export_handler.php.
Affected products
1- cpe:2.3:a:webcalendar:webcalendar:1.0.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- secunia.com/advisories/17784nvdVendor Advisory
- www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilitiesnvdVendor Advisory
- secunia.com/advisories/19240nvd
- securityreason.com/securityalert/215nvd
- sourceforge.net/forum/forum.phpnvd
- www.debian.org/security/2006/dsa-1002nvd
- www.osvdb.org/21216nvd
- www.osvdb.org/21217nvd
- www.osvdb.org/21218nvd
- www.osvdb.org/21219nvd
- www.securityfocus.com/archive/1/417900/100/0/threadednvd
- www.securityfocus.com/archive/1/418286/100/0/threadednvd
- www.securityfocus.com/bid/15606nvd
- www.securityfocus.com/bid/15608nvd
- www.securityfocus.com/bid/15662nvd
- www.vupen.com/english/advisories/2005/2643nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/23369nvd
News mentions
0No linked articles in our index yet.