CVE-2011-5109
Freelancer Calendar < 1.01 - SQL Injection via SearchField Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-5109. PoCs published by muuratsalo.
AI-analyzed exploit summary
The provided text describes a SQL injection vulnerability in Freelancer Calendar <= 1.0.1, detailing affected endpoints and parameters. It includes a disclosure timeline and proof-of-concept URLs but lacks executable exploit code.
Description
Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the SearchField parameter in a search action to (1) category_list.php, (2) Copy_of_calendar_list.php, (3) customer_statistics_list.php, (4) customer_list.php, and (5) task_statistics_list.php in the worldcalendar directory.