CVE-2006-1372

1WebCalendar < 4.0 - SQL Injection via EventID, NewsID, or ThisDate Parameter

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2006-1372. PoCs published by r0t3d3Vil.

AI-analyzed exploit summary: The provided text describes SQL injection vulnerabilities in WebCalendar due to improper input sanitization. It references a generic exploit URL but lacks actual exploit code or technical details.

Description

Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm.

Exploits (3)

exploitdb · WRITEUP · VERIFIED
by r0t3d3Vil · text · webapps · cfm
https://www.exploit-db.com/exploits/27455

The provided text describes SQL injection vulnerabilities in WebCalendar due to improper input sanitization. It references a generic exploit URL but lacks actual exploit code or technical details.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: WebCalendar (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable WebCalendar instance
devstral-2 · analyzed Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by r0t3d3Vil · text · webapps · cfm
https://www.exploit-db.com/exploits/27457

The provided text describes SQL injection vulnerabilities in WebCalendar but lacks actual exploit code. It references a generic URL pattern for exploitation without technical details or payloads.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: WebCalendar (version unspecified)
No auth needed
Prerequisites: Access to the target WebCalendar instance
devstral-2 · analyzed Feb 16, 2026

exploitdb · WRITEUP · VERIFIED
by r0t3d3Vil · text · webapps · cfm
https://www.exploit-db.com/exploits/27456

The provided text describes a SQL injection vulnerability in WebCalendar but does not include actual exploit code. It references a SecurityFocus BID and a generic example URL without technical details or payloads.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: WebCalendar (version unspecified)
No auth needed
Prerequisites: Access to a vulnerable WebCalendar instance
devstral-2 · analyzed Feb 16, 2026

References (8)

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25373
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/24023
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17193
Exploit third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19329
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1040
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/24021
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/24022

Scores

EPSS: 0.0174
EPSS Percentile: 74.7%

Details

Status: published
Products (1): benson_it_solutions/1webcalendar < 4.0
Published: Mar 24, 2006
Tracked Since: Feb 18, 2026