CVE-2004-1423

EPSS 15.5%

Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.

Affected products

n/a · n/a

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/2608unverified exploitdbwww.exploit-db.com/exploits/43819unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://marc.info/?l=bugtraq&m=110434580716205&w=2 http://secunia.com/advisories/22516 http://securitytracker.com/id?1017107 https://exchange.xforce.ibmcloud.com/vulnerabilities/18710 https://exchange.xforce.ibmcloud.com/vulnerabilities/29710 http://sourceforge.net/project/shownotes.php?release_id=296020&group_id=46800 https://www.exploit-db.com/exploits/2608 http://www.gulftech.org/?node=research&article_id=00060-12292004 http://www.securityfocus.com/archive/1/449397/100/0/threaded http://www.securityfocus.com/bid/12127 http://www.securityfocus.com/bid/20657 http://www.vupen.com/english/advisories/2006/4145