Ltwcalendar

ltwcalendar

Vendor: Codewalkers • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-6229 1Codewalkers 1Ltwcalendar Apr 23, 2026 Dec 2, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file.
CVE-2006-6228 1Codewalkers 1Ltwcalendar Apr 23, 2026 Dec 2, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
CVE-2006-3041 1Codewalkers 1Ltwcalendar Apr 16, 2026 Jun 15, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter. NOTE: CVE dis...Show more PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter. NOTE: CVE disputes this claim, since the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an include() statementShow less
CVE-2005-4011 1Codewalkers 1Ltwcalendar Apr 16, 2026 Dec 5, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.