CVE-2004-1423

Php-calendar < 0.10 - Code Injection

Title source: rule

Description

Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Mehmet Ince · textwebappsphp

https://www.exploit-db.com/exploits/2608

View Code ZIP pw:eip

exploitdb WRITEUP

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/43819

View Code ZIP pw:eip

References (12)

Core 12

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1017107

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/12127

Exploit, Patch x_refsource_misc

http://www.gulftech.org/?node=research&article_id=00060-12292004

Product x_refsource_confirm

http://sourceforge.net/project/shownotes.php?release_id=296020&group_id=46800

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/4145

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=110434580716205&w=2

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/2608

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/20657

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/29710

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/449397/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22516

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/18710

Scores

EPSS 0.1074

EPSS Percentile 93.4%

Details

CWE

CWE-94

Status published

Products (11)

php-calendar/php-calendar 0.1

php-calendar/php-calendar 0.2

php-calendar/php-calendar 0.3

php-calendar/php-calendar 0.4

php-calendar/php-calendar 0.5

php-calendar/php-calendar 0.6

php-calendar/php-calendar 0.7

php-calendar/php-calendar 0.8

php-calendar/php-calendar 0.9

php-calendar/php-calendar 0.9.1

... and 1 more

Published Dec 31, 2004

Tracked Since Feb 18, 2026