CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.

Product Status

Learn more

Information not provided

References 12 Total

Updated: 2024-08-08

This container includes required additional information provided by the CVE Program for this vulnerability.

References 12 Total

securitytracker.com: 1017107
external site
vdb-entryx_transferred
securityfocus.com: 12127
external site
vdb-entryx_transferred
http://www.gulftech.org/?node=research&article_id=00060-12292004
external site
x_transferred
http://sourceforge.net/project/shownotes.php?release_id=296020&group_id=46800
external site
x_transferred
vupen.com: ADV-2006-4145
external site
vdb-entryx_transferred
marc.info: 20041229 php-Calendar File Include Vulnerability [ Command Exec ]
external site
mailing-listx_transferred
exploit-db.com: 2608
external site
exploitx_transferred
securityfocus.com: 20657
external site
vdb-entryx_transferred
exchange.xforce.ibmcloud.com: vlo-phpcrootpath-file-include(29710)
external site
vdb-entryx_transferred
securityfocus.com: 20061021 Virtual Law Office (phpc_root_path) Remote File Include Vulnerability
external site
mailing-listx_transferred
secunia.com: 22516
external site
third-party-advisoryx_transferred
exchange.xforce.ibmcloud.com: php-calendar-file-include(18710)
external site
vdb-entryx_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: MITRE Corporation

Description

Product Status

References 12 Total

CVE Program

References 12 Total