Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2012-1495

Published: 27/01/2020 Updated: 29/01/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Webcalendar Project

Vulnerability Summary

install/index.php in WebCalendar prior to 1.2.5 allows remote malicious users to execute arbitrary code via the form_single_user_login parameter.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

webcalendar project webcalendar

Exploits

Exploit DB: WebCalendar 1.2.4 Remote Code Execution
WebCalendar versions 124 and below suffer from a remote code execution vulnerability ...
Exploit DB: WebCalendar 1.2.4 - Remote Code Injection (Metasploit)
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking ...
Exploit DB: WebCalendar 1.2.4 - Remote Code Execution
<?php /* ----------------------------------------------------------------------- WebCalendar <= 124 (install/indexphp) Remote Code Executionn Exploit ----------------------------------------------------------------------- author: Egidio Romano aka EgiX mail: n0b0d13s[at]gmail[dot]com soft ...

Github Repositories

https://github.com/axelbankole/CVE-2012-1495-Webcalendar-

CVE-2012-1495-Webcalendar- Prerequis : MAchine Kali linux ou Parrot Os 1- Cloner le repository 2- extraire l'archive "webcalendar" 3- Creer le container docker et le lancer à l'aide des commandes : docker build -t webcalendar docker run -d -p 80:80 webcalendar 4- Sur votre machine kali, lancez metasploit et cherchez l'exploit puis le lancer(se

References

CWE-74https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.htmlhttps://www.exploit-db.com/exploits/18775http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.htmlhttps://nvd.nist.govhttps://github.com/axelbankole/CVE-2012-1495-Webcalendar-https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.htmlhttps://www.exploit-db.com/exploits/18797/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654CVE-2023-49606encryptionNULL pointer dereferenceCVE-2024-4439CVE-2024-4649race conditionCVE-2024-27202CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook