WebCalendar.Pre.Auth.Code.Injection
Description
This indicates an attempt to exploit a Code Injection vulnerability in WebCalendar.
The vulnerability is caused by the application's failure to validate the "form_single_user_login" parameter in the "install/index.php" script. It allows remote attackers to execute arbitrary php code by sending a malicious request.
Affected Products
WebCalendar 1.2.4 and prior.
Impact
System compromise: remote code execution.
Recommended Actions
Currently we are not aware of any vendor supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |