Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5968

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-5968
Last Modified 05 Feb 2009 01:52:49
Published 26 Jan 2009 03:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5968

Summary

Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cookie_language parameter in a phpicalendar_* cookie, a different vector than CVE-2006-1292.

Vulnerable Systems

Application

  • Phpicalendar 0.7

  • Phpicalendar 0.8

  • Phpicalendar 0.9

  • Phpicalendar 0.9.5

  • Phpicalendar 1.0

  • Phpicalendar 1.1

  • Phpicalendar 2.0

  • Phpicalendar 2.0.1

  • Phpicalendar 2.0c

  • Phpicalendar 2.1

  • Phpicalendar 2.2

  • Phpicalendar 2.21

  • Phpicalendar 2.22

  • Phpicalendar 2.23

  • Phpicalendar 2.24


References

XF - phpicalendar-print-file-include(48322)

MILW0RM - 6519


Last Updated: 27 May 2016 10:49:00