← Back

Codewalkers

codewalkers

4 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Ltwcalendar
ltwcalendar
4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2006-6229
1Codewalkers
1Ltwcalendar
Apr 23, 2026
Dec 2, 2006
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file.
CVE-2006-6228
1Codewalkers
1Ltwcalendar
Apr 23, 2026
Dec 2, 2006
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
CVE-2006-3041
1Codewalkers
1Ltwcalendar
Apr 16, 2026
Jun 15, 2006
N/A· v4
N/A· v3
7.5 HIGH· v2
PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter. NOTE: CVE dis...Show more
PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter. NOTE: CVE disputes this claim, since the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an include() statementShow less
CVE-2005-4011
1Codewalkers
1Ltwcalendar
Apr 16, 2026
Dec 5, 2005
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.