Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4673

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-4673
Last Modified 07 Mar 2011 10:12:51
Published 22 Oct 2008 06:30:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4673

Summary

PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters.

Vulnerable Systems

Application

  • Webbiscuits Events Calendar 1.1


References

XF - eventscalendar-headersetup-file-include(45500)

VUPEN - ADV-2008-2701

BID - 31471

MILW0RM - 6623

SREASON - 4461

SECUNIA - 32053


Last Updated: 27 May 2016 10:48:35