cbcvebase.
CVE-2012-5385
published 2012-10-11

CVE-2012-5385: install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors…

PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
2.17%
80.0th percentile
install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference.

Affected

13 ranges
VendorProductVersion rangeFixed in
webcalendar_projectwebcalendar
webcalendar_projectwebcalendar
webcalendar_projectwebcalendar
webcalendar_projectwebcalendar
webcalendar_projectwebcalendar
webcalendar_projectwebcalendar
webcalendar_projectwebcalendar
webcalendar_projectwebcalendar
webcalendar_projectwebcalendar
webcalendar_projectwebcalendar
webcalendar_projectwebcalendar
webcalendar_projectwebcalendar
webcalendar_projectwebcalendar
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.