FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

WebCalendar -- remote file inclusion vulnerability

Affected packages
WebCalendar < 1.0.1

Details

VuXML ID: 60f8fe7b-3cfb-11da-baa2-0004614cc33d
Discovery: 2005-08-26
Entry: 2005-10-15
Modified: 2005-11-08

WebCalendar has been proven vulnerable to remote file inclusion. The send_reminders.php script does not properly verify the "includedir" parameter, which allows remote attackers to include local and remote files. An attacker can use these files to gain access to the system.
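
One way to review web server logs for requests that supply this parameter, as an added example that is not part of the advisory or of WebCalendar. It assumes combined-format access logs and a parameter sent in the query string; the log lines, addresses, paths and host names are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines (combined log format); paths, hosts and IPs are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2005:10:00:00 +0000] '
    '"GET /webcalendar/month.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Sep/2005:10:00:05 +0000] '
    '"GET /webcalendar/send_reminders.php?includedir=http%3A%2F%2Fhost.example%2F HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Sep/2005:10:00:09 +0000] '
    '"GET /webcalendar/send_reminders.php?%69ncludedir=/tmp/ HTTP/1.1" 200 298',
    '192.0.2.10 - - [01/Sep/2005:10:01:00 +0000] '
    '"GET /webcalendar/send_reminders.php HTTP/1.1" 200 40',
]

# Client address and request target from one access-log line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A value that starts with a URL scheme points at a remote file.
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)


def find_includedir_requests(lines):
    """Return (client_ip, kind, value) for every request that passes
    "includedir" to send_reminders.php in its query string."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m.group("target"))
        if not unquote(url.path).endswith("/send_reminders.php"):
            continue
        # parse_qs percent-decodes names and values, so an encoded
        # parameter name (e.g. %69ncludedir) is still matched.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("includedir", []):
            kind = "remote" if SCHEME_RE.match(value) else "local"
            hits.append((m.group("ip"), kind, value))
    return hits


if __name__ == "__main__":
    for ip, kind, value in find_includedir_requests(SAMPLE_LOG):
        print(f"{ip} supplied includedir ({kind}): {value}")
```

Access logs record only the request line, so a parameter sent in a POST body does not appear here; hosts running a WebCalendar version older than 1.0.1 should be upgraded regardless of what the logs show.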

References

Bugtraq ID: 14651
CVE Name: CVE-2005-2717
URL: http://sourceforge.net/forum/forum.php?thread_id=1342085&forum_id=11587