Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3556

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2006-3556
Last Modified 07 Mar 2011 09:38:53
Published 12 Jul 2006 08:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-3556

Summary

PHP remote file inclusion vulnerability in extcalendar.php in Mohamed Moujami ExtCalendar 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Vulnerable Systems

Application

  • Extcalendar 2.0


References

XF - extcalendar-extcalendar-file-include(27633)

VUPEN - ADV-2006-2711

BID - 19042

BID - 18876

BUGTRAQ - 20060718 ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities

BUGTRAQ - 20060707 [ECHO_ADV_36$2006] ExtCalendar <== v2.0 Remote File Include Vulnerabilities

MISC - http://advisories.echo.or.id/adv/adv36-matdhule-2006.txt

BUGTRAQ - 20060719 Re: ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities

SREASON - 1227


Last Updated: 27 May 2016 10:43:02