CVE-2008-6319

CF_Calendar - SQL Injection via calid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6319. PoCs published by AlpHaNiX.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in CF_Calendar to extract user credentials. It constructs a malicious URL with a UNION-based SQLi payload to dump usernames and passwords from the 'login' table.

Description

SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows remote attackers to execute arbitrary SQL commands via the calid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by AlpHaNiX · perlwebappsasp

https://www.exploit-db.com/exploits/7413

View Code ZIP pw:eip

This Perl script exploits a SQL injection vulnerability in CF_Calendar to extract user credentials. It constructs a malicious URL with a UNION-based SQLi payload to dump usernames and passwords from the 'login' table.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: CF_Calendar (version not specified)

No auth needed

Prerequisites: Target URL with vulnerable CF_Calendar installation

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32766

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33074

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7413

Scores

EPSS 0.0097

EPSS Percentile 57.4%

Details

CWE

CWE-89

Status published

Products (1)

cfmsource/cf_calendar

Published Feb 27, 2009

Tracked Since Feb 18, 2026