CVE-2010-0375

high
Published 2010-01-21 · Modified 2026-04-29
CVSS v3
CVSS v4 NEW
not yet in upstream
VIR risk: 8.5

Description

SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Predictions

Exploit likelihood: 20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.


Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-11082 webapps php text · 2 KB
LionTurk · 2010-01-10

PHPCalendars - Multiple Vulnerabilities

text exploit Source: Exploit-DB
==============================================================================  

                      _      _       _          _      _   _  

                     / \    | |     | |        / \    | | | |  

                    / _ \   | |     | |       / _ \   | |_| |  

                   / ___ \  | |___  | |___   / ___ \  |  _  |  

                  /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|  

   

   

==============================================================================  

        [»] ~ Note : Forever RevengeHack.Com-Ar-Ge.Org has opened

==============================================================================  

        [»] PHPCalendars  Multi Vulnerability 

==============================================================================  

   

    [»] Script:             [  PHPCalendars  ]  

    [»] Language:           [ PHP ]  

    [»] Download:           [ http://scripti.org/script_calendarstore-alisveris-scripti_1256_21.html] 

    [»] Founder:            [ LionTurk -  Bylionturk@kafam1milyon.com & LionTurk.Turkblog.com }

    [»] My Home:            [ RevengeHack.com and Ar-ge.Org ]  

    [»]N0T3    :             Wait for my new vulnerabilities.


###########################################################################  

   

===[ Exploit And Dork  ]===  

   

  [»] http://server/[dizin]/product_list.php?cat=1[XSS-Vuln] 
  [»] http://server/[dizin]/install.php


 


  [»] Powered by the PHPCalendars Script
 




Author:  LionTurk <-  

Our clan: eXceptioN,CodeInside,CristaL1o,Hack3ra,eXtReMe,By_HKC,TerrorZveng

- I have seen such hackers, with no exploit to hack a site. I have seen such exploits, with no hacker to use them :D
            My personal blog: LionTurk.Turkblog.com

                                 


########################################################################### 

Application impact

| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| jce-tech | php_calendars_script | | |

References

CWEs

CWE-89
