CVE-2012-1495

CRITICAL

WebCalendar < 1.2.5 - Remote Code Execution via form_single_user_login Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2012-1495. PoCs published by Metasploit, EgiX, axelbankole, including Metasploit module exploits/linux/http/webcalendar_settings_exec.

AI-analyzed exploit summary This Metasploit module exploits a pre-authentication remote code injection vulnerability in WebCalendar 1.2.4 by abusing the settings.php script to inject arbitrary PHP code, leading to remote command execution as the www-data user.

Description

install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubywebappslinux
https://www.exploit-db.com/exploits/18797

This Metasploit module exploits a pre-authentication remote code injection vulnerability in WebCalendar 1.2.4 by abusing the settings.php script to inject arbitrary PHP code, leading to remote command execution as the www-data user.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WebCalendar 1.2.4
No auth needed
Prerequisites: WebCalendar 1.2.4 installation with accessible settings.php script
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by EgiX · phpwebappsphp
https://www.exploit-db.com/exploits/18775

This exploit targets CVE-2012-1496 in WebCalendar <= 1.2.4, leveraging a Local File Inclusion (LFI) vulnerability in /pref.php to achieve Remote Code Execution (RCE) by injecting PHP code into /includes/settings.php via the installation script.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WebCalendar <= 1.2.4
Auth required
Prerequisites: magic_quotes_gpc = off · access to install/index.php · authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by axelbankole · poc
https://github.com/axelbankole/CVE-2012-1495-Webcalendar-

This repository provides instructions for setting up a Docker container with WebCalendar and suggests using Metasploit to exploit CVE-2012-1495. It does not contain actual exploit code but references external tools.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: WebCalendar (version not specified)
No auth needed
Prerequisites: Docker · Metasploit · Kali Linux or Parrot OS
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by EgiX, sinn3r · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/webcalendar_settings_exec.rb

This Metasploit module exploits a pre-authentication remote code injection vulnerability in WebCalendar 1.2.4 by abusing the settings.php script to inject arbitrary PHP code, leading to command execution as the www-data user.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WebCalendar 1.2.4
No auth needed
Prerequisites: Exposed WebCalendar installation with settings.php accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/18775
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html
Release Notes, Third Party Advisory x_refsource_misc
http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/

Scores

CVSS v3 9.8
EPSS 0.8872
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-74
Status published
Products (1)
webcalendar_project/webcalendar < 1.2.5
Published Jan 27, 2020
Tracked Since Feb 18, 2026