CVE-2012-5385

Published Oct 11, 2012

Last updated 5 years ago

Overview

Description: install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C15E268-8EB4-47A8-90DC-CD69CD50A841"
          },
          {
            "criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91FEC4D3-4834-4280-8303-17DB2AFF5B02"
          },
          {
            "criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A495A3A9-D5D4-4520-BD08-E1ED14739011"
          },
          {
            "criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A080963-2939-4A64-AB20-88BCAE38493D"
          },
          {
            "criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C91371D-782F-4F37-ACA2-DDCBCA07EADA"
          },
          {
            "criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05214A0F-8AF1-411D-A95D-C27E30DDDB90"
          },
          {
            "criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0C4150C-F794-43E8-8830-306256B762A2"
          },
          {
            "criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7936AA3F-AF11-450E-B4C4-01435362A8BD"
          },
          {
            "criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE4761E3-3CC3-415C-B465-81D027A8873F"
          },
          {
            "criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "131F1948-C0F4-474B-B56B-B5F475B1E1A0"
          },
          {
            "criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BE8D526-A7ED-4AAA-9B55-81AFA5761848"
          },
          {
            "criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E2AE19F-7C9B-4AB3-8E7F-8FA7EDE0125F"
          },
          {
            "criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8810AF0D-2304-43B7-9507-DD429587E975"
          },
          {
            "criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE45F7F3-C367-4E0C-973E-43907482B696"
          },
          {
            "criteria": "cpe:2.3:a:webcalendar_project:webcalendar:1.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC83A8FD-0B1F-43DE-9DD3-EDDE8E8E7DD9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References