Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar prior to 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote malicious users to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php-calendar php-calendar 0.8 |
||
php-calendar php-calendar 0.9 |
||
php-calendar php-calendar 0.1 |
||
php-calendar php-calendar 0.2 |
||
php-calendar php-calendar 0.9.1 |
||
php-calendar php-calendar |
||
php-calendar php-calendar 0.5 |
||
php-calendar php-calendar 0.6 |
||
php-calendar php-calendar 0.7 |
||
php-calendar php-calendar 0.3 |
||
php-calendar php-calendar 0.4 |