exploitDog

CVE-2012-1495

Опубликовано: 27 янв. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Высокий

Описание

install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.

Ссылки

http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/
Release Notes
Third Party Advisory
https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/18775
Exploit
Third Party Advisory
VDB Entry
http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/
Release Notes
Third Party Advisory
https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/18775
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webcalendar_project:webcalendar:*:*:*:*:*:*:*:*

Версия до 1.2.5 (исключая)

EPSS

Процентиль: 99%

0.88725

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74

Связанные уязвимости

CVE-2012-1495

CVSS3: 9.8

debian

около 6 лет назад

install/index.php in WebCalendar before 1.2.5 allows remote attackers ...

GHSA-5whg-989c-xx4x

github

почти 4 года назад

install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.

EPSS

Процентиль: 99%

0.88725

Высокий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-74