2 matches found
CVE-2006-2762
CVE-2006-2762: WebCalendar 1.0.3 is vulnerable to a PHP remote file inclusion via the includedir parameter in includes/config.php, leading to arbitrary code execution. The flaw arises because a URL is fed to fopen and its result defines user_inc, which is then used in include_once. Public advisor...
WebCalendar-1.0.3 reading of any files
Version: WebCalendar-1.0.3 Type: Reading of any files Description: ----------------------------- includes/config.php: line 64 if ! empty $includedir $fd = @fopen "$includedir/settings.php", "rb", true ; ...... while ! feof $fd $data .= fgets $fd, 4096 ; $configLines = explode "n", $data ; for $n ...