Webcalendar: >> Webcalendar >> 0.9.45 Security Vulnerabilities
WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges.
CVSS Score
7.5
EPSS Score
0.007
Published
2005-07-19
SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie.
CVSS Score
6.4
EPSS Score
0.006
Published
2005-03-30