CVE-2004-0275

Description

SQL injection vulnerability in calendar_download.php in BosDates 3.2 and earlier allows remote attackers to obtain sensitive information and gain access via the calendar parameter.

Affected products

• bosdev / bosdates3.0 – 3.0
• bosdev / bosdates3.1 – 3.1
• bosdev / bosdates3.2 – 3.2

References

• MAILING_LISThttp://marc.info/?l=bugtraq&m=107651618613575&w=2
• MISChttp://www.securityfocus.com/bid/9639
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/15133
• VENDOR_ADVISORYhttp://www.zone-h.org/en/advisories/read/id=3925/