CVE-2003-0735

phpwebsite < 0.9.0 - SQL Injection via Calendar Module Year Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0735. PoCs published by Lorenzo Hernandez Garcia-Hierro.

AI-analyzed exploit summary: The provided text describes SQL injection vulnerabilities in phpWebSite's Calendar module. It includes example URLs demonstrating how malicious input can be injected into the 'year' and 'month' parameters to manipulate SQL queries.

Description

SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Lorenzo Hernandez Garcia-Hierro · text · webapps · php
https://www.exploit-db.com/exploits/23013

Classification: Writeup 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: PHP Website (version not specified)
No auth needed
Prerequisites: Access to the target web application · Calendar module enabled
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106252188522715&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106062021711496&w=2
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/925166

Scores

EPSS 0.0157
EPSS Percentile 72.1%

Details

Status published
Products (1)
phpwebsite/phpwebsite < 0.9.0
Published Oct 20, 2003
Tracked Since Feb 18, 2026