PT-2008-5886 · Webbiscuits · Webbiscuits Software Events Calendar

Kevin Mitnick

Published

2008-10-22

Updated

2017-09-29

CVE-2008-4673

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions WebBiscuits Software Events Calendar version 1.1

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the path[docroot] and component parameters.

Recommendations For WebBiscuits Software Events Calendar version 1.1, consider restricting access to the header setup.php file in the panel/common/theme/default directory until a patch is available. As a temporary workaround, avoid using the path[docroot] and component parameters in URLs to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2008-4673

Affected Products

Webbiscuits Software Events Calendar

PT-2008-5886 · Webbiscuits · Webbiscuits Software Events Calendar

CVE-2008-4673

Weakness Enumeration

Related Identifiers

Affected Products

References · 7