WebCalendar Remote Command Execution Vulnerability

WebCalendar is a freely available PHP web application used to maintain a calendar for one or more people.

An input validation error exists which could make it possible for a malicious user with a valid WebCalendar account to execute arbitrary commands remotely.

In WebCalendar configurations where "single user mode" is enabled (though not found by default), this vulnerability may be exploited by unauthenticated remote users.


Privacy Statement
Copyright 2010, SecurityFocus