CVE-2007-1483 Information

Description

Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote attackers to execute arbitrary PHP code via a URL in the includedir parameter to (1) login.php (2) get_reminders.php or (3) get_events.php.

Reference

http://securityreason.com/securityalert/2425 http://sourceforge.net/mailarchive/forum.php?thread_name=45EAF486.908090240k5n.us&forum_name=webcalendar-announce http://www.securityfocus.com/archive/1/462957/100/0/threaded http://www.securityfocus.com/archive/1/463288 http://www.securityfocus.com/bid/23054 https://exchange.xforce.ibmcloud.com/vulnerabilities/33008 https://www.exploit-db.com/exploits/3492