[VIM] Ltwcalendar 4.1.3 version - Remote File Include Vulnerabilities

[Steven M. Christey]

Ref - bugtraq post as above.

researcher - SpC-x


the claimed affected version 4.1.3 has calendar.php:

  require_once('./private/ltw_config.php');
  require_once($ltw_config['include_dir'].'/ltw_classes.php');

and - are you sitting down? - ltw_config.php says:

  $ltw_config['include_dir']	= './private';


- Steve