cpe:/a:g4j.laoneo:com_gcalendar:1.1.2 cpe:/a:g4j.laoneo:com_gcalendar:2.1.4 CVE-2009-4099 2009-11-29T08:08:29.377-05:00 2017-08-16T21:31:26.287-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-11-30T07:28:00.000-05:00 BID 37134 BID 37141 SECUNIA 37476 OSVDB 60517 XF gcalendar-index-sql-injection(54450) MISC http://packetstormsecurity.org/0911-exploits/joomlagcalendar-sql.txt SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these details are obtained from third party information.