Description: A vulnerability has been reported in WebCalendar, which can be exploited by malicious people to include arbitrary files.
The vulnerability is caused due to an input validation error in "login.php" and "week_ssi.php" making it possible to supply arbitrary paths to files in the variable "$user_inc". This can be exploited by supplying a path to any file using "../../some_file".
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
