Vulnerabilities > CVE-2005-2717 - Remote File Include vulnerability in Webcalendar 1.0.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-799.NASL description A trivially-exploitable bug was discovered in webcalendar that allows an attacker to execute arbitrary code with the privileges of the HTTP daemon on a system running a vulnerable version. last seen 2020-06-01 modified 2020-06-02 plugin id 19569 published 2005-09-06 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19569 title Debian DSA-799-1 : webcalendar - remote code execution NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_60F8FE7B3CFB11DABAA20004614CC33D.NASL description WebCalendar is proven vulnerable to a remote file inclusion vulnerability. The send_reminders.php does not properly verify the last seen 2020-06-01 modified 2020-06-02 plugin id 21436 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21436 title FreeBSD : WebCalendar -- remote file inclusion vulnerability (60f8fe7b-3cfb-11da-baa2-0004614cc33d) NASL family CGI abuses NASL id WEBCALENDAR_INCLUDEDIR_FILE_INCLUDES.NASL description The remote version of WebCalendar fails to sanitize user-supplied input to the last seen 2020-06-01 modified 2020-06-02 plugin id 19502 published 2005-08-25 reporter This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19502 title WebCalendar send_reminders.php includedir Parameter Remote File Inclusion
References
- http://secunia.com/advisories/16528
- http://secunia.com/advisories/16675
- http://securitytracker.com/id?1014849
- http://sourceforge.net/project/shownotes.php?release_id=350336
- http://www.debian.org/security/2005/dsa-799
- http://www.securityfocus.com/bid/14651
- http://www.vupen.com/english/advisories/2005/1513
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22136