CVE-2004-1423
published 2004-12-31
CVE-2004-1423: Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office…
Priority P345 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 15.47% (96.4th percentile)
Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php-calendar | php-calendar | <= 0.10 | — |
| php-calendar | php-calendar | — | — |
| php-calendar | php-calendar | — | — |
| php-calendar | php-calendar | — | — |
| php-calendar | php-calendar | — | — |
| php-calendar | php-calendar | — | — |
| php-calendar | php-calendar | — | — |
| php-calendar | php-calendar | — | — |
| php-calendar | php-calendar | — | — |
| php-calendar | php-calendar | — | — |
| php-calendar | php-calendar | — | — |
No detection rules found.
Exploit-DB
PHP-Calendar < 0.10.1 - Arbitrary File Inclusion
exploitdb·2014-12-29·CVSS 7.5
CVE-2004-1423 [HIGH] PHP-Calendar < 0.10.1 - Arbitrary File Inclusion
---
PHP-Calendar Arbitrary File Inclusion
Vendor: Sean Proctor
Product: PHP-Calendar
Version: <= 0.10.1
Website: http://php-calendar.sourceforge.net/
BID: 12127
CVE: CVE-2004-1423
OSVDB: 12700 12701
SECUNIA: 22516
PACKETSTORM: 35563
Description:
I was searching for a decent calendar which my group at school could use to keep track of events, etc. We were previously using localendar, which I didn't like and it had some problems. I found CST-Calendar which did most of what I wanted, but was rather ugly and missed some features others in the group wanted. So, I gradually re-wrote CST-Calendar since that project seems to have stopped work entirely. [ As quoted from their website ]
File Include Vulnerability:
There is a very dangerous file
Exploit-DB
software602 602 lan suite 2004 - Directory Traversal
exploitdb·2005-05-05
CVE-2005-1423 software602 602 lan suite 2004 - Directory Traversal
---
source: https://www.securityfocus.com/bid/13519/info
602 LAN Suite 2004 is reported prone to a directory traversal vulnerability.
It is reported that an attacker can exploit this issue to detect the presence of files on a computer and potentially cause a denial of service condition.
A successful attack may aid in further attacks against the system or lead to a crash due to resource exhaustion.
http://www.example.com/mail?A=/../../../../../../../[file]
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=110434580716205&w=2
http://secunia.com/advisories/22516
http://securitytracker.com/id?1017107
http://sourceforge.net/project/shownotes.php?release_id=296020&group_id=46800
http://www.gulftech.org/?node=research&article_id=00060-12292004
http://www.securityfocus.com/archive/1/449397/100/0/threaded
http://www.securityfocus.com/bid/12127
http://www.securityfocus.com/bid/20657
http://www.vupen.com/english/advisories/2006/4145
https://exchange.xforce.ibmcloud.com/vulnerabilities/18710
https://exchange.xforce.ibmcloud.com/vulnerabilities/29710
https://www.exploit-db.com/exploits/2608
Published: 2004-12-31