Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2836

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2836
Last Modified 10 Sep 2008 09:11:29
Published 24 Jun 2008 03:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2836

Summary

PHP remote file inclusion vulnerability in send_reminders.php in WebCalendar 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter and a 0 value for the noSet parameter, a different vector than CVE-2007-1483.

Vulnerable Systems

Application

  • K5n Webcalendar 1.0.4


References

XF - webcalendar-send-reminders-file-include(43156)

SECTRACK - 1020357

BID - 29783

MILW0RM - 5847

MLIST - [webcalendar-announce] 20070304 Announce: Release 1.0.5 (security patch)


Last Updated: 27 May 2016 10:48:00