CVE-2012-5385 Information

Description

install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference.

Reference

http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2