Описание
Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.
Ссылки
- ExploitPatch
- Exploit
- Vendor Advisory
- ExploitPatch
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 0.10 (включая)
Одно из
cpe:2.3:a:php-calendar:php-calendar:*:*:*:*:*:*:*:*
cpe:2.3:a:php-calendar:php-calendar:0.1:*:*:*:*:*:*:*
cpe:2.3:a:php-calendar:php-calendar:0.2:*:*:*:*:*:*:*
cpe:2.3:a:php-calendar:php-calendar:0.3:*:*:*:*:*:*:*
cpe:2.3:a:php-calendar:php-calendar:0.4:*:*:*:*:*:*:*
cpe:2.3:a:php-calendar:php-calendar:0.5:*:*:*:*:*:*:*
cpe:2.3:a:php-calendar:php-calendar:0.6:*:*:*:*:*:*:*
cpe:2.3:a:php-calendar:php-calendar:0.7:*:*:*:*:*:*:*
cpe:2.3:a:php-calendar:php-calendar:0.8:*:*:*:*:*:*:*
cpe:2.3:a:php-calendar:php-calendar:0.9:*:*:*:*:*:*:*
cpe:2.3:a:php-calendar:php-calendar:0.9.1:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.10744
Средний
7.5 High
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
больше 3 лет назад
Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.
EPSS
Процентиль: 93%
0.10744
Средний
7.5 High
CVSS2
Дефекты
CWE-94