CVE-2007-3519

Wesmo Phpeventcalendar < 0.2.3 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by AtT4CKxT3rR0r1ST · textwebappsphp

https://www.exploit-db.com/exploits/26408

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Iron · perlwebappsphp

https://www.exploit-db.com/exploits/4135

View Code ZIP pw:eip

References (6)

[Third Party Advisory] http://secunia.com/advisories/25915

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/24721

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4135

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/35193

[Third Party Advisory, VDB Entry] http://osvdb.org/36338

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/2404

Scores

EPSS 0.0177

EPSS Percentile 82.7%

Details

Status published

Products (1)

wesmo/phpeventcalendar < 0.2.3

Published Jul 03, 2007

Tracked Since Feb 18, 2026