CVE-2005-3984

Publication date 4 December 2005

Last updated 24 July 2024


Ubuntu priority

SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. NOTE: the startid/activity_log.php vector is already covered by CVE-2005-3949.

Status

Package Ubuntu Release Status
webcalendar 7.04 feisty Not in release
6.10 edgy
Fixed 1.0.2-2.1
6.06 LTS dapper
Fixed 1.0.2-2.1