Vulnerabilities > CVE-2007-3519 - SQL Injection vulnerability in PHPEventCalendar Eventdisplay.PHP Script

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
wesmo
exploit available
NVD
Published: 2007-07-03
Updated: 2017-09-29

Summary

SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Vulnerable Configurations

Part Description Count
Application
Wesmo
1

Exploit-Db

  • descriptionphpEventCalendar 0.2.3 - Multiple Vulnerabilities. CVE-2007-3519. Webapps exploit for php platform
    idEDB-ID:26408
    last seen2016-02-03
    modified2013-06-24
    published2013-06-24
    reporterAtT4CKxT3rR0r1ST
    sourcehttps://www.exploit-db.com/download/26408/
    titlephpEventCalendar 0.2.3 - Multiple Vulnerabilities
  • descriptionphpEventCalendar <= 0.2.3 (eventdisplay.php) SQL Injection Exploit. CVE-2007-3519. Webapps exploit for php platform
    fileexploits/php/webapps/4135.pl
    idEDB-ID:4135
    last seen2016-01-31
    modified2007-07-01
    platformphp
    port
    published2007-07-01
    reporterIron
    sourcehttps://www.exploit-db.com/download/4135/
    titlephpEventCalendar <= 0.2.3 eventdisplay.php SQL Injection Exploit
    typewebapps

References