CVE-2005-3984

Publication date 4 December 2005

Last updated 17 July 2025

Ubuntu priority

SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. NOTE: the startid/activity_log.php vector is already covered by CVE-2005-3949.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
webcalendar	7.04 feisty	Not in release
	6.10 edgy	Fixed 1.0.2-2.1
	6.06 LTS dapper	Fixed 1.0.2-2.1

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2005-3984