vtiger -- multiple remote file inclusion vulnerabilities

2006-10-09T00:00:00
ID 2C8A84D9-5BEE-11DB-A5AE-00508D6A62DF
Type freebsd
Reporter FreeBSD
Modified 2006-10-09T00:00:00

Description

Dedi Dwianto a.k.a the_day reports:

Input passed to the "$calpath" parameter in update.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources.