CVE-2007-3519

phpEventCalendar < 0.2.3 - SQL Injection via eventdisplay.php id Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-3519. PoCs published by AtT4CKxT3rR0r1ST, Iron.

AI-analyzed exploit summary The exploit demonstrates SQL injection (classic and blind), CSRF for admin addition, and XSS vulnerabilities in phpEventCalendar v0.2.3. It includes proof-of-concept URLs and a form for CSRF exploitation.

Description

SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by AtT4CKxT3rR0r1ST · textwebappsphp

https://www.exploit-db.com/exploits/26408

View Code ZIP pw:eip

The exploit demonstrates SQL injection (classic and blind), CSRF for admin addition, and XSS vulnerabilities in phpEventCalendar v0.2.3. It includes proof-of-concept URLs and a form for CSRF exploitation.

Classification

Working Poc 95%

Attack Type

Sqli | Xss | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: phpEventCalendar v0.2.3

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Iron · perlwebappsphp

https://www.exploit-db.com/exploits/4135