CVE-2004-1423

Php-calendar < 0.10 - Code Injection

Title source: rule

Description

Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.

Exploits (2)

exploitdb WRITEUP
by GulfTech Security · textwebappsphp
https://www.exploit-db.com/exploits/43819
exploitdb WORKING POC VERIFIED
by Mehmet Ince · textwebappsphp
https://www.exploit-db.com/exploits/2608

References (12)

Scores

EPSS 0.1074
EPSS Percentile 93.2%

Classification

CWE
CWE-94
Status draft

Affected Products (11)

php-calendar/php-calendar < 0.10
php-calendar/php-calendar
php-calendar/php-calendar
php-calendar/php-calendar
php-calendar/php-calendar
php-calendar/php-calendar
php-calendar/php-calendar
php-calendar/php-calendar
php-calendar/php-calendar
php-calendar/php-calendar
php-calendar/php-calendar

Timeline

Published Dec 31, 2004
Tracked Since Feb 18, 2026