CVE-2004-1423

Published: Dec 31, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.

Affected (11)

Products: Php Calendar: Php Calendar

1 product

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Php Calendar Php Calendar	Up to 0.10
Php Calendar Php Calendar	Version 0.1
Php Calendar Php Calendar	Version 0.2
Php Calendar Php Calendar	Version 0.3
Php Calendar Php Calendar	Version 0.4
Php Calendar Php Calendar	Version 0.5
Php Calendar Php Calendar	Version 0.6
Php Calendar Php Calendar	Version 0.7
Php Calendar Php Calendar	Version 0.8
Php Calendar Php Calendar	Version 0.9.1
Php Calendar Php Calendar	Version 0.9

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (24)

http://marc.info/?l=bugtraq&m=110434580716205&w=2

Source: cve@mitre.org

http://secunia.com/advisories/22516

Source: cve@mitre.org

http://securitytracker.com/id?1017107

Source: cve@mitre.org

http://sourceforge.net/project/shownotes.php?release_id=296020&group_id=46800

Source: cve@mitre.org

http://www.gulftech.org/?node=research&article_id=00060-12292004

Source: cve@mitre.org

ExploitPatch

http://www.securityfocus.com/archive/1/449397/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/12127

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/20657

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/4145

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/18710

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/29710

Source: cve@mitre.org

https://www.exploit-db.com/exploits/2608

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=110434580716205&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/22516

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1017107

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceforge.net/project/shownotes.php?release_id=296020&group_id=46800

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.gulftech.org/?node=research&article_id=00060-12292004

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://www.securityfocus.com/archive/1/449397/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/12127

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/20657

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/4145

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/18710

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/29710

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/2608

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.