CVE-2008-5737

Nodstrum MySQL Calendar <1.2 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5737. PoCs published by StAkeR.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Calendar Script v1.1, allowing an attacker to bypass admin authentication by injecting a malicious payload into the username field. The vulnerability arises from improper input sanitization, enabling arbitrary SQL query execution.

Description

SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by StAkeR · textwebappsphp

https://www.exploit-db.com/exploits/7551

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in Calendar Script v1.1, allowing an attacker to bypass admin authentication by injecting a malicious payload into the username field. The vulnerability arises from improper input sanitization, enabling arbitrary SQL query execution.

Classification

Working Poc 100%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Calendar Script v1.1

No auth needed

Prerequisites: Access to the login page of the vulnerable application

MITRE ATT&CK