Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote malicious users to execute arbitrary PHP code via a URL in the includedir parameter to (1) login.php, (2) get_reminders.php, or (3) get_events.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
k5n webcalendar 0.9.45 |