CVE-2015-7235

CP Reservation Calendar < 1.1.6 - SQL Injection via dex_reservations.php Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-7235. PoCs published by i0akiN SEC-LABORATORY.

AI-analyzed exploit summary: The writeup describes a SQL injection vulnerability in WordPress cp-reservation-calendar plugin v1.1.6. It details vulnerable functions and provides SQLmap commands for exploitation but does not include direct exploit code.

Description

Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI.

Exploits (1)

exploitdb WRITEUP
by i0akiN SEC-LABORATORY · text · webapps · php
https://www.exploit-db.com/exploits/38187

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: WordPress cp-reservation-calendar v1.1.6
No auth needed
Prerequisites: Access to the vulnerable WordPress plugin endpoint
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38187/
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/8193

Scores

EPSS: 0.0482
EPSS Percentile: 90.8%

Details

CWE: CWE-89
Status: published
Products (1)
cp_reservation_calender_project/cp_reservation_calender < 1.1.6
Published: Sep 17, 2015
Tracked Since: Feb 18, 2026