CVE-2008-4673

PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters.

Published: Oct 22, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-4673
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
webbiscuits / events_calendar	1.1	1.1.x

http://secunia.com/advisories/32053
http://securityreason.com/securityalert/4461
http://www.securityfocus.com/bid/31471
http://www.vupen.com/english/advisories/2008/2701
https://exchange.xforce.ibmcloud.com/vulnerabilities/45500
https://www.exploit-db.com/exploits/6623

Vulnerability Database

291,049

CVE-2008-4673