Family: CGI abuses --> Category: attack
WebCalendar includedir Parameter Remote File Include Vulnerability Scan
Vulnerability Scan Summary
Checks for includedir parameter remote file include vulnerability in WebCalendar
Detailed Explanation for this Vulnerability Test
The remote web server has a PHP script that is affected by a remote
file include vulnerability.
The remote version of WebCalendar fails to sanitize user-supplied
input to the 'includedir' parameter of the 'send_reminders.php'
script. By leveraging this flaw, an attacker may be able to view
arbitrary files on the remote host and execute arbitrary PHP code,
possibly taken from third-party hosts.
See also :
Upgrade to WebCalendar 1.0.1 or newer.
High / CVSS Base Score : 7