Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3366

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2005-3366
Last Modified 07 Mar 2011 09:26:25
Published 30 Oct 2005 09:34:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3366

Summary

PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie. NOTE: this is not a cross-site scripting (XSS) issue as claimed by the original researcher.

Vulnerable Systems

Application

  • Php Icalendar 2.0.1

  • Php Icalendar 2.0a2

  • Php Icalendar 2.0b

  • Php Icalendar 2.0c


References

MISC - http://www.ush.it/2005/10/25/php-icalendar-css/

BUGTRAQ - 20051025 PHP iCalendar CSS

XF - phpicalendar-index-file-include(22864)

VUPEN - ADV-2005-2204

BID - 15193

SECUNIA - 17328

SECTRACK - 1015102

SREASON - 113


Last Updated: 27 May 2016 10:40:54