Описание
PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting that is used in an include_once call.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | released | 1.0.4-1 |
| edgy | released | 1.0.4-1 |
| feisty | DNE | |
| gutsy | released | 1.0.4-1 |
| hardy | released | 1.0.4-1 |
| intrepid | released | 1.0.4-1 |
| jaunty | released | 1.0.4-1 |
| karmic | released | 1.0.4-1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
6.4 Medium
CVSS2
Связанные уязвимости
PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting that is used in an include_once call.
PHP remote file inclusion vulnerability in includes/config.php in WebC ...
PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting that is used in an include_once call.
6.4 Medium
CVSS2