CVE-2007-6158

Proverbs Web Calendar <1.1 - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by JosS · textwebappsphp

https://www.exploit-db.com/exploits/30810

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/38628

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/484193/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/26584

[Third Party Advisory] http://securityreason.com/securityalert/3401

Scores

EPSS 0.0027

EPSS Percentile 49.7%

Classification

CWE

CWE-89

Status draft

Affected Products (1)

proverbs/proverbs_web_calendar

Timeline

Published Nov 29, 2007

Tracked Since Feb 18, 2026