CVE-2009-0820

phpScheduleIt <1.2.11 - Code Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0820. PoCs published by EgiX.

AI-analyzed exploit summary: This exploit leverages a PHP code injection vulnerability in phpScheduleIt <= 1.2.10 via the 'start_date' parameter in reserve.php, which is passed to eval(). It allows remote command execution when magic_quotes_gpc is disabled.

Description

Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132.

Exploits (1)

exploitdb WORKING POC VERIFIED
by EgiX · php · webapps · php
https://www.exploit-db.com/exploits/6646


Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: phpScheduleIt <= 1.2.10
No auth needed
Prerequisites: magic_quotes_gpc = off · access to reserve.php
devstral-2 · analyzed Feb 18, 2026

References (5)

Core References
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0491
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33991

Scores

EPSS 0.0456
EPSS Percentile 90.4%

Details

CWE: CWE-94
Status: published
Products (14)
php.brickhost/phpscheduleit 1.0
php.brickhost/phpscheduleit 1.0.0rc1
php.brickhost/phpscheduleit 1.0_rc1
php.brickhost/phpscheduleit 1.2.0 (3 CPE variants)
php.brickhost/phpscheduleit 1.2.1
php.brickhost/phpscheduleit 1.2.2
php.brickhost/phpscheduleit 1.2.3
php.brickhost/phpscheduleit 1.2.4
php.brickhost/phpscheduleit 1.2.5
php.brickhost/phpscheduleit 1.2.6
... and 4 more
Published Mar 05, 2009
Tracked Since Feb 18, 2026