CVE-2014-8586

CP Multi View Event Calendar 1.01 - SQL Injection via calid Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-8586. PoCs published by Claudio Viviani, Joaquin Ramirez Martinez, bperry, including Metasploit module auxiliary/scanner/http/wordpress_cp_calendar_sqli.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in CP Multi View Event Calendar 1.01 via the 'calid' parameter. It includes payloads for boolean-based blind, error-based, UNION query, and time-based blind SQL injection techniques.

Description

SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.

Exploits (2)

exploitdb WORKING POC

by Claudio Viviani · textwebappsphp

https://www.exploit-db.com/exploits/35073

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in CP Multi View Event Calendar 1.01 via the 'calid' parameter. It includes payloads for boolean-based blind, error-based, UNION query, and time-based blind SQL injection techniques.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: CP Multi View Event Calendar 1.01

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit SCANNER

by Joaquin Ramirez Martinez, bperry · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wordpress_cp_calendar_sqli.rb