Rob Sutton: >> Php-Nuke Event Calendar Security Vulnerabilities
The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to gain sensitive information via an HTTP request to (1) config.php, (2) index.php, or (3) submit.php, which reveal the full path in an error message.
CVSS Score
5.0
EPSS Score
0.006
Published
2004-12-31
Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year parameters in a Preview operation, or (5) event comments.
CVSS Score
4.3
EPSS Score
0.007
Published
2004-12-31
SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the (1) eid or (2) cid parameters.
CVSS Score
7.5
EPSS Score
0.007
Published
2004-12-31