CVE-2006-2797
phpCommunityCalendar 4.0.3 - SQL Injection via Multiple Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-2797. PoCs published by X0r_1.
AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in phpCommunityCalendar 4.0.3, including XSS and SQL injection. It provides functional URLs with payloads to exploit these vulnerabilities.
Description
Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php, (b) day.php, and (c) delCalendar.php; (2) ID parameter in (d) event.php; (3) AdminUserID parameter in (e) delAdmin.php; (4) EventLocationID parameter in (f) delAddress.php; and (5) LocationID parameter in (g) delCategory.php.
Exploits (1)
The exploit demonstrates multiple vulnerabilities in phpCommunityCalendar 4.0.3, including XSS and SQL injection. It provides functional URLs with payloads to exploit these vulnerabilities.