Unrated severityNVD Advisory· Published Oct 11, 2012· Updated Apr 29, 2026
CVE-2012-5385
CVE-2012-5385
Description
install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference.
Affected products
15cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc1:*:*:*:*:*:*+ 14 more
- cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:webcalendar_project:webcalendar:1.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:webcalendar_project:webcalendar:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar_project:webcalendar:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar_project:webcalendar:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar_project:webcalendar:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar_project:webcalendar:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar_project:webcalendar:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar_project:webcalendar:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar_project:webcalendar:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar_project:webcalendar:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar_project:webcalendar:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar_project:webcalendar:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:webcalendar_project:webcalendar:1.2:b1:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.