cpe:/a:php_lite:calendar_express:2.2 CVE-2006-2973 2006-06-12T18:02:00.000-04:00 2011-09-08T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-06-13T08:55:00.000-04:00 ALLOWS_OTHER_ACCESS SREASON 1089 BID 18314 BUGTRAQ 20060607 Calendar Express 2 SQL injection VUPEN ADV-2006-2220 Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c.