CVE-2006-0648

Sažetak

Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php.

Reference

http://evuln.com/vulns/70/summary.html
http://phpicalendar.net/forums/viewtopic.php?t=396
http://secunia.com/advisories/18778
http://securityreason.com/securityalert/420
http://www.securityfocus.com/archive/1/424424/100/0/threaded
http://www.securityfocus.com/bid/16557
http://www.vupen.com/english/advisories/2006/0493
https://exchange.xforce.ibmcloud.com/vulnerabilities/24591

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

19-10-2018 - 15:45

Objavljeno

13-02-2006 - 11:06