RCE in K5n Webcalendar
CVE-2007-1483
Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote attackers to execute arbitrary PHP code via a URL in the includedir parameter to (1) login.php, (2) get_reminders.php, or (3) get_events.php.
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.041 (89.4th percentile) — read the EPSS interpretation.
Affected products
- K5n Webcalendar — versions 0.9.45
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (exploit, x_refsource_EXPLOIT-DB)
- cve@mitre.org (Exploit, Patch, vdb-entry, x_refsource_BID)
- cve@mitre.org (mailing-list, x_refsource_MLIST)
- cve@mitre.org (Exploit, x_refsource_SREASON, third-party-advisory)