Webbiscuits · Webbiscuits Software Events Calendar · CVE-2008-4673
**Name of the Vulnerable Software and Affected Versions**
WebBiscuits Software Events Calendar version 1.1
**Description**
The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the `path[docroot]` and `component` parameters.
**Recommendations**
For WebBiscuits Software Events Calendar version 1.1, consider restricting access to the `header setup.php` file in the `panel/common/theme/default` directory until a patch is available. As a temporary workaround, avoid using the `path[docroot]` and `component` parameters in URLs to minimize the risk of exploitation.