CVE-2008-4673
Events Calendar 1.1 - Remote Code Execution via path[docroot] or component Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-4673. PoCs published by k3vin mitnick.
AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Events Calendar 1.1. The vulnerability allows an attacker to include arbitrary remote files via the 'path[docroot]' or 'component' parameters in 'header_setup.php'.
Description
PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters.
Exploits (1)
This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Events Calendar 1.1. The vulnerability allows an attacker to include arbitrary remote files via the 'path[docroot]' or 'component' parameters in 'header_setup.php'.