CVE-2007-1845

PHP-Fusion Expanded Calendar Module 2.00 - SQL Injection via m_month Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1845. PoCs published by UNIQUE-KEY.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in PHP-Fusion's Calendar_Panel module. It extracts admin credentials by injecting a UNION-based SQL query into the 'm_month' parameter.

Description

SQL injection vulnerability in show_event.php in the Expanded Calendar (calendar_panel) 2.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the m_month parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by UNIQUE-KEY · perlwebappsphp

https://www.exploit-db.com/exploits/29806

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in PHP-Fusion's Calendar_Panel module. It extracts admin credentials by injecting a UNION-based SQL query into the 'm_month' parameter.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: PHP-Fusion (Calendar_Panel module)

No auth needed

Prerequisites: Target must have PHP-Fusion installed with the Calendar_Panel module · Target must be vulnerable to SQL injection via the 'm_month' parameter

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →