The exploit demonstrates a CSRF protection bypass in WebCalendar v1.2.7 by omitting the HTTP Referer header using a meta tag, allowing unauthorized password changes and access control modifications. Additionally, it details a PHP code injection vulnerability via the installation script's Database Cache Directory field, enabling arbitrary command execution.
Classification
Working PoC 90%
Target:
WebCalendar v1.2.7
No auth needed
Prerequisites:
Access to the WebCalendar installation wizard · Knowledge of the victim's username for CSRF attacks