Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5385

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-5385
Last Modified 22 Oct 2012 12:00:00
Published 11 Oct 2012 11:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5385

Summary

install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference.

Vulnerable Systems

Application

  • Craig Knudsen Webcalendar 1.0

  • Craig Knudsen Webcalendar 1.1.1

  • Craig Knudsen Webcalendar 1.1.2

  • Craig Knudsen Webcalendar 1.1.3

  • Craig Knudsen Webcalendar 1.1.4

  • Craig Knudsen Webcalendar 1.1.5

  • Craig Knudsen Webcalendar 1.1.6

  • Craig Knudsen Webcalendar 1.2

  • Craig Knudsen Webcalendar 1.2.0

  • Craig Knudsen Webcalendar 1.2.1

  • Craig Knudsen Webcalendar 1.2.2

  • Craig Knudsen Webcalendar 1.2.3

  • Craig Knudsen Webcalendar 1.2.4


References

CONFIRM - http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2


Last Updated: 27 May 2016 11:00:58