Description
init.php in WebCalendar allows remote attackers to execute arbitrary local PHP scripts via the user_inc parameter.
Product(s):
- Webcalendar 0.9.11
- WebCalendar 0.9.15
- WebCalendar 0.9.16
- WebCalendar 0.9.19
- WebCalendar 0.9.20
- WebCalendar 0.9.21
- WebCalendar 0.9.22
- WebCalendar 0.9.23
- WebCalendar 0.9.24
- WebCalendar 0.9.25
- WebCalendar 0.9.26
- WebCalendar 0.9.27
- WebCalendar 0.9.28
- WebCalendar 0.9.29
- WebCalendar 0.9.30
- WebCalendar 0.9.31
- WebCalendar 0.9.32
- WebCalendar 0.9.33
- WebCalendar 0.9.34
- WebCalendar 0.9.35
- WebCalendar 0.9.36
- WebCalendar 0.9.37
- WebCalendar 0.9.38
- WebCalendar 0.9.39
- WebCalendar 0.9.40
- WebCalendar 0.9.41
- WebCalendar 0.9.42
- WebCalendar 0.9.43
- WebCalendar 0.9.44
- WebCalendar 0.9.8
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1508, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1508 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.