CVE-2007-0860 Information

Description

LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks DISPUTED LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks Multiple PHP remote file inclusion vulnerabilities in local Calendar System 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) TEMPLATE_DIR parameter to (a) showinvoices.php (b) showmonth.php (c) showevents.php (d) retrieveinvoice.php (e) modifyitem.php and (f) lookup_userid.php; or the LIBDIR parameter to (g) editevent.php (h) resetpassword.php (i) signup.php showmonth.php (j) showday.php showevents.php and lookup_userid.php. NOTE: this issue has been disputed by a third party who states that the associated variables are set in config.php before use.

Reference

http://www.securityfocus.com/archive/1/458312/100/100/threaded http://www.securityfocus.com/archive/1/458457/100/100/threaded