CVE-2008-4673

Name of the Vulnerable Software and Affected Versions WebBiscuits Software Events Calendar version 1.1

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the path[docroot] and component parameters.

Recommendations For WebBiscuits Software Events Calendar version 1.1, consider restricting access to the header setup.php file in the panel/common/theme/default directory until a patch is available. As a temporary workaround, avoid using the path[docroot] and component parameters in URLs to minimize the risk of exploitation.