VYPR

PHP Calendar

by PHP Calendar

CVEs (11)

  • CVE-2021-42077 | Critical | Nov 8, 2021
    risk 0.64 | cvss 9.8 | epss 0.02

    PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely compromise the database…

  • CVE-2021-42078 | Medium | Nov 8, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users,…

  • CVE-2017-6485 | Medium | Mar 5, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script…

  • CVE-2004-1423 | Dec 31, 2004
    risk 0.04 | cvss n/a | epss 0.15

    Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to…

  • CVE-2011-5045 | Dec 30, 2011
    risk 0.03 | cvss n/a | epss 0.02

    Cross-site scripting (XSS) vulnerability in details_view.php in PHP Booking Calendar 10e allows remote attackers to inject arbitrary web script or HTML via the page_info_message parameter.

  • CVE-2009-3702 | Dec 22, 2009
    risk 0.03 | cvss n/a | epss 0.02

    Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged…

  • CVE-2006-1422 | Mar 28, 2006
    risk 0.03 | cvss n/a | epss 0.01

    SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter.

  • CVE-2025-1410 | Feb 21, 2025
    risk 0.00 | cvss n/a | epss 0.00

    The Events Calendar Made Simple – Pie Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's piecal shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2013-1955 | Jul 20, 2013
    risk 0.00 | cvss n/a | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php and (2) datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-2041 | May 25, 2010
    risk 0.00 | cvss n/a | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the (1) description and (2) lastaction parameters.

  • CVE-2005-1397 | May 3, 2005
    risk 0.00 | cvss n/a | epss 0.02

    SQL injection vulnerability in search.php for PHP-Calendar before 0.10.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.