Attack: WebCalendar Code Injection CVE-2012-1495

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature attempts to detect a code-injection vulnerability in WebCalendar which may result in execution of arbitrary files from the vulnerable system.

Additional Information

WebCalendar is a PHP-based application.

Since it fails to properly sanitize user-supplied input, the application is prone to these input-validation vulnerabilities:

1. A PHP code-injection vulnerability affects the '/install/index.php' script.

2. A local file-include vulnerability affects the 'pref_THEME' variable of the 'pref.php' script.

An attacker can exploit these issues to inject arbitrary PHP code and include and execute arbitrary files from the vulnerable system in the context of the affected application. Other attacks are also possible.
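A defender-side check for the two entry points named above, as an added example (not Symantec's signature and not WebCalendar code). It assumes that a legitimate pref_THEME value is a bare theme name and that nobody should POST to the installer on an already-installed site; the function name, labels and sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: a legitimate theme value is a bare name (letters, digits, "_", "-").
# An allowlist makes encoding tricks moot: anything else is reported.
SAFE_THEME = re.compile(r"[A-Za-z0-9_-]{1,64}")

def inspect_request(method, url, body=""):
    """Return finding labels for one HTTP request (empty list means clean)."""
    method = method.upper()
    parts = urlsplit(url)
    path = unquote(parts.path).lower()
    params = parse_qsl(parts.query, keep_blank_values=True)
    if method == "POST":
        # Form-encoded body parameters are checked alongside the query string.
        params += parse_qsl(body, keep_blank_values=True)
    findings = []
    # Issue 1 on the page: the installer script is the code-injection entry point.
    # Assumption: POSTs to it on an installed site are never routine traffic.
    if path.endswith("/install/index.php") and method == "POST":
        findings.append("installer-post")
    # Issue 2 on the page: pref_THEME on pref.php ends up in a file include.
    if path.endswith("/pref.php"):
        for name, value in params:
            if name == "pref_THEME" and not SAFE_THEME.fullmatch(value):
                findings.append("pref_THEME-not-a-theme-name")
    return findings

# Constructed sample requests: (method, URL, form body).
SAMPLES = [
    ("GET", "/webcalendar/month.php", ""),
    ("POST", "/webcalendar/pref.php", "pref_THEME=default&pref_LANGUAGE=English-US"),
    ("POST", "/webcalendar/pref.php", "pref_THEME=..%2F..%2Fx"),
    ("POST", "/webcalendar/install/index.php", "step=1"),
]

def scan(samples):
    """Return (request, findings) pairs for every request with findings."""
    hits = []
    for method, url, body in samples:
        findings = inspect_request(method, url, body)
        if findings:
            hits.append(((method, url, body), findings))
    return hits

if __name__ == "__main__":
    for request, findings in scan(SAMPLES):
        print(request[0], request[1], "->", ", ".join(findings))
```
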

Affected

  • WebCalendar 1.2.4 is vulnerable; other versions may also be affected.