RCE in K5n Webcalendar

CVE-2007-1483

Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote attackers to execute arbitrary PHP code via a URL in the includedir parameter to (1) login.php, (2) get_reminders.php, or (3) get_events.php.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.041 (89.4th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References