TITLE: PHP Event Calendar "path_to_calendar" File Inclusion
SECUNIA ADVISORY ID: SA21074
VERIFY ADVISORY: http://secunia.com/advisories/21074/
CRITICAL: Highly critical
IMPACT: System access
WHERE: >From remote
SOFTWARE: PHP Event Calendar 1.x
http://secunia.com/product/7964/
DESCRIPTION: Solpot has reported a vulnerability in PHP Event Calendar, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "path_to_calendar" parameter in cl_files/calendar.php is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
The vulnerability has been reported in version 1.4. Other versions may also be affected.
SOLUTION: Update to version 1.5.1.
PROVIDED AND/OR DISCOVERED BY: Solpot
ORIGINAL ADVISORY: http://www.solpotcrew.org/adv/solpot-adv-01.txt
PHP Event Calendar path_to_calendar File InclusionPosted on Tuesday, July 18, 2006 @ 11:25:23 CDT in Security |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
