5 matches found
PHP-Calendar Multiple Remote And Local File Inclusion Vulnerabilities
PHP-Calendar is prone to Remote And Local File Inclusion vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PHP-Calendar configfile变量远程文件包含漏洞
CVECAN ID: CVE-2009-3702 php-Calendar是一款基于WEB的日历事务系统。 PHP-Calendar中存在多个绝对路径遍历漏洞,远程攻击者可以通过在提交给update08.php或update10.ph的configfile参数中的完整路径名导致包含并执行任意本地文件。以下是有漏洞的代码段: 36 elseif!empty$GET'configfile' 37 iffileexists$GET'configfile' 38 requireonce$GET'configfile'; PHP-Calendar 1.1 临时解决方法:...
CVE-2009-3702
CVE-2009-3702 affects PHP-Calendar 1.1, where the configfile parameter in update08.php and update10.php allows including arbitrary local files and can enable remote file inclusion in some environments (e.g., UNC paths, ftp/ftps/ssh2 URLs). The root cause is inadequate filtering of $GET['configfil...
[ISecAuditors Security Advisories] PHP-Calendar <= v1.1 'configfile' Remote and Local File Inclusion vulnerability
============================================= INTERNET SECURITY AUDITORS ALERT 2009-011 - Original release date: October 13th, 2009 - Last revised: December 18th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3702 - Severity: 8.5/10 CVSS Base Score...
PHP-Calendar 1.1 Remote/Local File Inclusion
============================================= INTERNET SECURITY AUDITORS ALERT 2009-011 - Original release date: October 13th, 2009 - Last revised: December 18th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3702 - Severity: 8.5/10 CVSS Base Score...