Ltwcalendar has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the calendar.php script not properly sanitizing user input supplied to the 'ltw_config[include_dir]' variable. However, subsequent testing by CVE staff have determined that "the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an include() statement."
Remote / Network Access
Loss of Integrity
Myth / Fake
The vulnerability reported is incorrect. No solution required.