Description
Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 allow remote attackers to include and execute arbitrary local files via a full pathname in the configfile parameter to (1) update08.php or (2) update10.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Juan Galiana Lara · text · webapps · php
https://www.exploit-db.com/exploits/33437
exploitdb
WRITEUP
VERIFIED
by Juan Galiana Lara · text · webapps · php
https://www.exploit-db.com/exploits/33436
References (1)
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508548/100/0/threaded
Scores
EPSS
0.0074
EPSS Percentile
73.0%
Details
CWE
CWE-22
Status
published
Products (1)
php-calendar/php-calendar
1.1
Published
Dec 22, 2009
Tracked Since
Feb 18, 2026