Release Date: Apr 15, 2008
Severity: medium
Impact: System Compromise.
Description: This indicates an attempt to exploit a PHP remote file inclusion vulnerability in ActiveCalendar. The vulnerability is due to an input validation error in the "data/showcode.php" script. The script does not validate the "page" parameter before it is passed to an "fread()" call. This can be exploited by remote attackers to disclose the contents of arbitrary files.
Affected Products: Active Calendar 1.2
Recommended Actions: Apply the latest update from the vendor: http://www.micronetwork.de/activecalendar/.
Coverage: IPS, VCM
Common Vulnerabilities and Exposures (CVE): CVE-2007-1110
References:
http://www.frsirt.com/english/advisories/2007/0759 (FrSIRT)
http://www.securityfocus.com/bid/22704 (BugTraq)