CVE-2006-1292

2006-03-19T23:02:00
ID CVE-2006-1292
Type cve
Reporter cve@mitre.org
Modified 2017-10-11T01:30:00

Description

Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.