vendor:
Calendarix
by:
7.5
CVSS
HIGH
Remote File Include
CWE
Product Name: Calendarix
Affected Version From: 0.7
Affected Version To:
Patch Exists: No
Related CWE:
CPE:
Platforms Tested:
Calendarix Remote File Include Vulnerability
The Calendarix application is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
Mitigation:
Apply proper input validation and sanitization to user-supplied input to prevent remote file inclusion vulnerabilities.