CVE-2006-2973

Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c.

Date published : 2006-06-12

http://www.securityfocus.com/bid/18314

http://www.securityfocus.com/archive/1/436334/100/0/threaded