Lucene search

[email protected]CVE-2006-0648

HistoryFeb 13, 2006 - 11:06 a.m.

CVE-2006-0648

2006-02-1311:06:00

[email protected]

web.nvd.nist.gov

cve-2006-0648

php icalendar

directory traversal

vulnerability

remote code execution

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.2 High

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.8%

JSON

Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php.

Affected configurations

NVD

Node

php_icalendarphp_icalendarMatch2.0

php_icalendarphp_icalendarMatch2.0.1

php_icalendarphp_icalendarMatch2.1

CPENameOperatorVersion
php_icalendar:php_icalendarphp icalendareq2.0
php_icalendar:php_icalendarphp icalendareq2.0.1
php_icalendar:php_icalendarphp icalendareq2.1

CPE	Name	Operator	Version
php_icalendar:php_icalendar	php icalendar	eq	2.0
php_icalendar:php_icalendar	php icalendar	eq	2.0.1
php_icalendar:php_icalendar	php icalendar	eq	2.1

References

evuln.com/vulns/70/summary.html

phpicalendar.net/forums/viewtopic.php?t=396

secunia.com/advisories/18778

securityreason.com/securityalert/420

www.securityfocus.com/archive/1/424424/100/0/threaded

www.securityfocus.com/bid/16557

www.vupen.com/english/advisories/2006/0493

exchange.xforce.ibmcloud.com/vulnerabilities/24591

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.2 High

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.8%

JSON

Related for CVE-2006-0648

prion1 nvd1 cvelist1 nessus1