Unrated severityNVD Advisory· Published Jun 12, 2006· Updated Apr 16, 2026

CVE-2006-2973

Description

Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c.

Affected products

Php Lite/Calendar Express
cpe:2.3:a:php_lite:calendar_express:2.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/18314nvdExploit
www.vupen.com/english/advisories/2006/2220nvdVendor Advisory
securityreason.com/securityalert/1089nvd
www.securityfocus.com/archive/1/436334/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000