CVE-2004-0275

BosDates <= 3.2 - SQL Injection via Calendar Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0275. PoCs published by G00db0y.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in BosDates calendar system, where insufficient sanitization of user-supplied input allows attackers to manipulate database queries. The example URL demonstrates the vulnerable parameter but does not include executable exploit code.

Description

SQL injection vulnerability in calendar_download.php in BosDates 3.2 and earlier allows remote attackers to obtain sensitive information and gain access via the calendar parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by G00db0y · textwebappsphp
https://www.exploit-db.com/exploits/23685

The provided text describes an SQL injection vulnerability in BosDates calendar system, where insufficient sanitization of user-supplied input allows attackers to manipulate database queries. The example URL demonstrates the vulnerable parameter but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: BosDates calendar system
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107651618613575&w=2
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9639
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15133
Various Sources x_refsource_misc
http://www.zone-h.org/en/advisories/read/id=3925/

Scores

EPSS 0.0261
EPSS Percentile 83.4%

Details

Status published
Products (3)
bosdev/bosdates 3.0
bosdev/bosdates 3.1
bosdev/bosdates 3.2
Published Nov 23, 2004
Tracked Since Feb 18, 2026