CVE-2007-1483
NONE
Published Mar 16, 200719y ago · Modified Jun 16, 20262w ago
Published Mar 16, 2007 19y ago
Last Modified Jun 16, 2026 2w ago
Description
Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote attackers to execute arbitrary PHP code via a URL in the includedir parameter to (1) login.php, (2) get_reminders.php, or (3) get_events.php.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-94 Improper Control of Generation of Code (Code Injection) Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| k5n | webcalendar | 0.9.45 | any |
References 7
- securityreason.com http://securityreason.com/securityalert/2425
- sourceforge.net http://sourceforge.net/mailarchive/forum.php?thread_name=45EAF486.9080902%40k5n.us&forum_name=webcalendar-announce
- securityfocus.com http://www.securityfocus.com/archive/1/462957/100/0/threaded
- securityfocus.com http://www.securityfocus.com/archive/1/463288
- securityfocus.com http://www.securityfocus.com/bid/23054
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/33008
- exploit-db.com https://www.exploit-db.com/exploits/3492
Remediation
- securityfocus.com http://www.securityfocus.com/bid/23054