Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in local Calendar System 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) TEMPLATE_DIR parameter to (a) showinvoices.php, (b) showmonth.php, (c) showevents.php, (d) retrieveinvoice.php, (e) modifyitem.php, and (f) lookup_userid.php; or the LIBDIR parameter to (g) editevent.php, (h) resetpassword.php, (i) signup.php, showmonth.php, (j) showday.php, showevents.php, and lookup_userid.php. NOTE: this issue has been disputed by a third party, who states that the associated variables are set in config.php before use
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
local Calendar System 安全漏洞
Vulnerability Description
local Calendar System 1.1 中的多个 PHP 远程文件存在安全漏洞,允许远程攻击者通过 (1) TEMPLATE_DIR 参数中的 URL 执行任意 PHP 代码到 (a) showinvoices.php, (b) showmonth.php, ( c) showevents.php、(d)retrieveinvoice.php、(e) modifyitem.php和(f)lookup_userid.php;或 (g) editevent.php、(h) resetpasswor
CVSS Information
N/A
Vulnerability Type
N/A