Unrated severityNVD Advisory· Published Mar 24, 2006· Updated Apr 16, 2026

CVE-2006-1372

Description

Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm.

Affected products

Benson It Solutions/1webcalendar
cpe:2.3:a:benson_it_solutions:1webcalendar:*:*:*:*:*:*:*:*
Range: <=4.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/19329nvdExploit
pridels0.blogspot.com/2006/03/1webcalendar-v-4x-vuln.htmlnvd
www.osvdb.org/24021nvd
www.osvdb.org/24022nvd
www.osvdb.org/24023nvd
www.securityfocus.com/bid/17193nvd
www.vupen.com/english/advisories/2006/1040nvd
exchange.xforce.ibmcloud.com/vulnerabilities/25373nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000