CVE-2004-1654 | Vulnerability Database | Aqua Security

SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via cal_template.

Affected Software

Name	Vendor	Start Version	End Version
Phpwebsite	Phpwebsite	0.7.3 (including)	0.7.3 (including)
Phpwebsite	Phpwebsite	0.8.2 (including)	0.8.2 (including)
Phpwebsite	Phpwebsite	0.8.3 (including)	0.8.3 (including)
Phpwebsite	Phpwebsite	0.9.3 (including)	0.9.3 (including)
Phpwebsite	Phpwebsite	0.9.3.4 (including)	0.9.3.4 (including)

References

http://marc.info/?l=bugtraq\u0026m=109413493005513\u0026w=2
http://secunia.com/advisories/12438
http://www.gulftech.org/?node=research\u0026article_id=00048-08312004
http://www.phpwebsite.appstate.edu/index.php?module=announce\u0026ANN_user_op=view\u0026ANN_id=822
http://www.securityfocus.com/bid/11088
https://exchange.xforce.ibmcloud.com/vulnerabilities/17199
http://marc.info/?l=bugtraq\u0026m=109413493005513\u0026w=2
http://secunia.com/advisories/12438
http://www.gulftech.org/?node=research\u0026article_id=00048-08312004
http://www.phpwebsite.appstate.edu/index.php?module=announce\u0026ANN_user_op=view\u0026ANN_id=822
http://www.securityfocus.com/bid/11088
https://exchange.xforce.ibmcloud.com/vulnerabilities/17199

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1654
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html