CVE-2007-3627

PHP Lite Calendar Express 2.2 - SQL Injection via cid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2007-3627. PoCs published by almaster.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in Calendar Express, where the 'cid' parameter in subscribe.php is not properly sanitized. It includes a basic example URL but lacks executable exploit code.

Description

Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (3)

exploitdb WRITEUP VERIFIED
by almaster · textwebappsphp
https://www.exploit-db.com/exploits/26114

The provided text describes a SQL injection vulnerability in Calendar Express, where the 'cid' parameter in subscribe.php is not properly sanitized. It includes a basic example URL but lacks executable exploit code.

Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Calendar Express (version not specified)
No auth needed
Prerequisites: Access to the vulnerable Calendar Express application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by almaster · textwebappsphp
https://www.exploit-db.com/exploits/26112

The provided content describes a SQL injection vulnerability in Calendar Express, where the 'cid' parameter in login.php is not properly sanitized. It includes a basic example URL but lacks executable exploit code.

Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Calendar Express (version not specified)
No auth needed
Prerequisites: Access to the vulnerable login.php endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by almaster · textwebappsphp
https://www.exploit-db.com/exploits/26113

The provided code is a writeup describing a SQL injection vulnerability in Calendar Express. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.

Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Calendar Express (version not specified)
No auth needed
Prerequisites: Access to the vulnerable Calendar Express application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14504

Scores

EPSS 0.0093
EPSS Percentile 55.9%

Details

Status published
Products (1)
php_lite/calendar_express 2.2
Published Jul 09, 2007
Tracked Since Feb 18, 2026