CVE-2004-1654 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2004-1654

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via cal_template.

Affected Software

Name	Vendor	Start Version	End Version
Phpwebsite	Phpwebsite	0.7.3 (including)	0.7.3 (including)
Phpwebsite	Phpwebsite	0.8.2 (including)	0.8.2 (including)
Phpwebsite	Phpwebsite	0.8.3 (including)	0.8.3 (including)
Phpwebsite	Phpwebsite	0.9.3 (including)	0.9.3 (including)
Phpwebsite	Phpwebsite	0.9.3.4 (including)	0.9.3.4 (including)

References

http://marc.info/?l=bugtraq\u0026m=109413493005513\u0026w=2
http://secunia.com/advisories/12438
http://www.gulftech.org/?node=research\u0026article_id=00048-08312004
http://www.phpwebsite.appstate.edu/index.php?module=announce\u0026ANN_user_op=view\u0026ANN_id=822
http://www.securityfocus.com/bid/11088
https://exchange.xforce.ibmcloud.com/vulnerabilities/17199