Codewalkers: >> Ltwcalendar >> 4.1.3 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
CVSS Score
6.8
EPSS Score
0.009
Published
2006-12-02
Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file.
CVSS Score
5.0
EPSS Score
0.003
Published
2006-12-02
PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter. NOTE: CVE disputes this claim, since the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an include() statement
CVSS Score
7.5
EPSS Score
0.014
Published
2006-06-15