CVE-2009-0730

GigCalendar (com_gigcal) 1.0 - SQL Injection via gigcal_venues_id or gigcal_bands_id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-0730. PoCs published by Salvatore Fresta, Lanti-Net.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in the gigCalendar component for Joomla! and Mambo. It leverages unsanitized user input in the 'gigcal_bands_id' parameter to extract user credentials from the database via a UNION-based attack.

Description

Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Salvatore Fresta · textwebappsphp
https://www.exploit-db.com/exploits/32807

This exploit demonstrates an SQL injection vulnerability in the gigCalendar component for Joomla! and Mambo. It leverages unsanitized user input in the 'gigcal_bands_id' parameter to extract user credentials from the database via a UNION-based attack.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: gigCalendar 1.0 for Joomla! and Mambo
No auth needed
Prerequisites: Target must have gigCalendar 1.0 installed · Database must be accessible and contain the 'jos_users' table
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Lanti-Net · textwebappsphp
https://www.exploit-db.com/exploits/7815

This exploit demonstrates a SQL injection vulnerability in the Joomla Gigcal component. It allows an attacker to extract user credentials from the database via a crafted URL parameter.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Joomla with Gigcal component
No auth needed
Prerequisites: Joomla installation with Gigcal component enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/501175/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33859
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48865
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/501176/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/501174/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33863

Scores

EPSS 0.0109
EPSS Percentile 61.0%

Details

CWE
CWE-89
Status published
Products (1)
gigcalendar/com_gigcalendar 1.0
Published Feb 24, 2009
Tracked Since Feb 18, 2026