CVE-2015-2196

NUCLEI

Web-dorado Spider Calendar - SQL Injection

Title source: rule

Description

SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mateusz Lach · phpwebappsphp

https://www.exploit-db.com/exploits/36061

View Code ZIP pw:eip

Nuclei Templates (1)

WordPress Spider Calendar <=1.4.9 - SQL Injection

HIGHVERIFIEDby theamanrawat

References (1)

[Exploit] http://www.exploit-db.com/exploits/36061

Scores

EPSS 0.0308

EPSS Percentile 86.8%

Details

CWE

CWE-89

Status published

Products (1)

web-dorado/spider_calendar 1.4.9

Published Mar 03, 2015

Tracked Since Feb 18, 2026