Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0648

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-0648
Last Modified 07 Mar 2011 09:30:30
Published 13 Feb 2006 06:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0648

Summary

Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php.

Vulnerable Systems

Application

  • Php Icalendar 2.0

  • Php Icalendar 2.0.1

  • Php Icalendar 2.1


References

BUGTRAQ - 20060208 [eVuln] PHP iCalendar File Inclusion Vulnerability

SECUNIA - 18778

MISC - http://evuln.com/vulns/70/summary.html

VUPEN - ADV-2006-0493

BID - 16557

CONFIRM - http://phpicalendar.net/forums/viewtopic.php?t=396

XF - phpicalendar-template-search-file-include(24591)

SREASON - 420


Last Updated: 27 May 2016 10:41:44