Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2004-1423
Last Modified: 08 Sep 2011 12:00:00
Published: 31 Dec 2004 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-1423

Summary

Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.

Vulnerable Systems

Application

  • Php-calendar 0.1

  • Php-calendar 0.10

  • Php-calendar 0.2

  • Php-calendar 0.3

  • Php-calendar 0.4

  • Php-calendar 0.5

  • Php-calendar 0.6

  • Php-calendar 0.7

  • Php-calendar 0.8

  • Php-calendar 0.9

  • Php-calendar 0.9.1


References

MISC - http://www.gulftech.org/?node=research&article_id=00060-12292004

BUGTRAQ - 20041229 php-Calendar File Include Vulnerability [ Command Exec ]

XF - vlo-phpcrootpath-file-include(29710)

XF - php-calendar-file-include(18710)

VUPEN - ADV-2006-4145

BID - 20657

BID - 12127

BUGTRAQ - 20061021 Virtual Law Office (phpc_root_path) Remote File Include Vulnerability

MILW0RM - 2608

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=296020&group_id=46800

SECTRACK - 1017107

SECUNIA - 22516


Last Updated: 27 May 2016 10:39:02