Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-105690. PoCs published by BAYBORA.
AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in Calendar Express 2.0 via the 'catid' parameter in year.php. The payload extracts database information including user, version, and database name using a UNION-based SQLi technique.
Description
Calendar Express 2.0 - SQL Injection
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by BAYBORA · text · webapps · php
https://www.exploit-db.com/exploits/10758
Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Calendar Express 2.0
No auth needed
Prerequisites: Target application must be running Calendar Express 2.0 · year.php must be accessible
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Details
Status: pre_cve
Tracked Since: Feb 18, 2026