Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.4
CVE Id CVE-2006-1922
Last Modified 07 Mar 2011 09:34:33
Published 20 Apr 2006 02:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1922

Summary

PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.

Vulnerable Systems

Application

  • Sweetphp Totalcalendar 2.0
  • Sweetphp Totalcalendar 2.1
  • Sweetphp Totalcalendar 2.2


References

VUPEN - ADV-2006-1418

SECUNIA - 19730

BID - 17618

OSVDB - 24751

OSVDB - 24748

MISC - http://sweetphp.com/files/downloads/patches/TotalCalendar/Security_Patch.zip

MISC - http://pridels0.blogspot.com/2006/04/totalcalendar-remote-code-execution.html


Last Updated: 27 May 2016 10:42:16