{ "schema_version": "1.4.0", "id": "GHSA-w4p7-9h4j-6h5x", "modified": "2022-04-29T02:59:33Z", "published": "2022-04-29T02:59:33Z", "aliases": [ "CVE-2004-1423" ], "details": "Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.", "severity": [], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1423" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18710" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29710" }, { "type": "WEB", "url": "https://www.exploit-db.com/exploits/2608" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq&m=110434580716205&w=2" }, { "type": "WEB", "url": "http://secunia.com/advisories/22516" }, { "type": "WEB", "url": "http://securitytracker.com/id?1017107" }, { "type": "WEB", "url": "http://sourceforge.net/project/shownotes.php?release_id=296020&group_id=46800" }, { "type": "WEB", "url": "http://www.gulftech.org/?node=research&article_id=00060-12292004" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/449397/100/0/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/12127" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/20657" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2006/4145" } ], "database_specific": { "cwe_ids": [ "CWE-94" ], "severity": "HIGH", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2004-12-31T05:00:00Z" } }