CVE-2009-0820

phpScheduleIt <1.2.11 - Code Injection

Title source: llm

Description

Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132.

Exploits (1)

exploitdb WORKING POC VERIFIED

by EgiX · phpwebappsphp

https://www.exploit-db.com/exploits/6646

View Code ZIP pw:eip

References (5)

[Patch, Vendor Advisory] http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/check.php?r1=318&r2=332

[Patch, Vendor Advisory] http://phpscheduleit.svn.sourceforge.net/viewvc/phpscheduleit/1.2.11/reserve.php?r1=318&r2=328

[Vendor Advisory] http://secunia.com/advisories/33991

[Patch] http://sourceforge.net/project/shownotes.php?release_id=662749

[Patch, Vendor Advisory] http://www.vupen.com/english/advisories/2009/0491

Scores

EPSS 0.0963

EPSS Percentile 92.9%

Details

CWE

CWE-94

Status published

Products (14)

php.brickhost/phpscheduleit 1.0

php.brickhost/phpscheduleit 1.0.0rc1

php.brickhost/phpscheduleit 1.0_rc1

php.brickhost/phpscheduleit 1.2.0 (3 CPE variants)

php.brickhost/phpscheduleit 1.2.1

php.brickhost/phpscheduleit 1.2.2

php.brickhost/phpscheduleit 1.2.3

php.brickhost/phpscheduleit 1.2.4

php.brickhost/phpscheduleit 1.2.5

php.brickhost/phpscheduleit 1.2.6

... and 4 more

Published Mar 05, 2009

Tracked Since Feb 18, 2026