Description
SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Lorenzo Hernandez Garcia-Hierro · textwebappsphp
https://www.exploit-db.com/exploits/23013
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106252188522715&w=2
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106062021711496&w=2
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/925166
Scores
EPSS
0.0460
EPSS Percentile
89.3%
Details
Status
published
Products (1)
phpwebsite/phpwebsite
< 0.9.0
Published
Oct 20, 2003
Tracked Since
Feb 18, 2026