RCE in K5n Webcalendar
CVE-2008-2836
PHP remote file inclusion vulnerability in send_reminders.php in WebCalendar 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter and a 0 value for the noSet parameter, a different vector than C…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.031 (86.1th percentile) — read the EPSS interpretation.
Affected products
- K5n Webcalendar — versions 1.0.4
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (exploit, x_refsource_EXPLOIT-DB)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (Exploit, vdb-entry, x_refsource_BID)
- cve@mitre.org (mailing-list, x_refsource_MLIST)