CVE-2008-2836

WebCalendar 1.0.4 - Remote Code Execution via send_reminders.php includedir Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2836. PoCs published by Cr@zy_King.

AI-analyzed exploit summary This exploit demonstrates a Remote File Include (RFI) vulnerability in WebCalendar v1.0.4 via the 'includedir' parameter in 'send_reminders.php'. It allows an attacker to include and execute arbitrary remote code by manipulating the 'includedir' parameter.

Description

PHP remote file inclusion vulnerability in send_reminders.php in WebCalendar 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter and a 0 value for the noSet parameter, a different vector than CVE-2007-1483.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cr@zy_King · textwebappsphp

https://www.exploit-db.com/exploits/5847

View Code ZIP pw:eip

This exploit demonstrates a Remote File Include (RFI) vulnerability in WebCalendar v1.0.4 via the 'includedir' parameter in 'send_reminders.php'. It allows an attacker to include and execute arbitrary remote code by manipulating the 'includedir' parameter.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WebCalendar v1.0.4

No auth needed

Prerequisites: Remote file inclusion must be enabled on the target server · Attacker must be able to host a malicious file on a remote server

MITRE ATT&CK