Remote file inclusion

2006-05-2423:02:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

Low

0.043 Low

EPSS

Percentile

92.4%

JSON

PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[“CLPath”] parameter to (1) reconfig.php and (2) srxclr.php. NOTE: this might be due to a globals overwrite issue.

CPENameOperatorVersion
calogic_calendarseq1.2.2

CPE	Name	Operator	Version
	calogic_calendars	eq	1.2.2

References

www.securityfocus.com/bid/18076

exchange.xforce.ibmcloud.com/vulnerabilities/26590

www.exploit-db.com/exploits/1809