CVE-2009-0364
WebCit < 7.39 - Remote Code Execution via Format String in Mini Calendar
Title source: llmDescription
Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors.
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34457
Vendor Advisory x_refsource_confirm
http://www.citadel.org/doku.php/news:webcit.security.advisory.-.2009-march-23
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/52915
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34206
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1752
Scores
EPSS
0.0259
EPSS Percentile
83.3%
Details
CWE
CWE-134
Status
published
Products (7)
citadel/webcit
7.02
citadel/webcit
7.10
citadel/webcit
7.11
citadel/webcit
7.12
citadel/webcit
7.22
citadel/webcit
7.37
citadel/webcit
< 7.38
Published
Mar 26, 2009
Tracked Since
Feb 18, 2026