TotalCalendar auth.php inc_dir Variable Remote File Inclusion

2006-04-19T09:32:33
ID OSVDB:24751
Type osvdb
Reporter VietMafia
Modified 2006-04-19T09:32:33

Description

Vulnerability Description

TotalCalendar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the auth.php script not properly sanitizing user input supplied to the 'inc_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
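An added illustration of the vulnerability class this record describes, placed beside a hardened form. This is not TotalCalendar's own auth.php (the record does not reproduce its code); the request source, include filenames and allowlist are assumptions made for the example.

```php
<?php
// Illustration only: NOT TotalCalendar's actual auth.php. Names below are assumed.

// Vulnerable pattern: an include path built from request-controlled input.
// With register_globals on (the common PHP 4 / early PHP 5 setting), a request
// parameter can populate $inc_dir directly; with allow_url_fopen enabled (and,
// on PHP 5.2+, allow_url_include), a URL in $inc_dir makes PHP fetch the remote
// file and execute it as code. This reproduces the flaw the description names.
function vulnerable_auth_include()
{
    $inc_dir = $_REQUEST['inc_dir'];          // unvalidated, attacker-controlled
    include($inc_dir . '/functions.php');     // remote or traversal path accepted
}

// Hardened pattern: never derive include paths from request input. Pin the base
// directory to a constant, accept only allowlisted module names, and verify the
// resolved path stays inside that directory before including it.
define('APP_INC_DIR', __DIR__ . '/includes');  // assumed layout

function safe_auth_include(string $module): bool
{
    $allowed = ['functions.php', 'auth_helpers.php'];   // assumed allowlist
    if (!in_array($module, $allowed, true)) {
        return false;                                   // unknown module: refuse
    }
    $base = realpath(APP_INC_DIR);
    $path = realpath(APP_INC_DIR . '/' . $module);
    // realpath() returns false for URLs and missing files; the prefix check
    // rejects anything resolving outside the include directory.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    require_once $path;
    return true;
}
```

Defence in depth for the same class: run with register_globals off and allow_url_fopen / allow_url_include off, so even an unpatched include cannot reach a remote host.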

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.sweetphp.com/
Secunia Advisory ID: 19730
Related OSVDB ID: 24748
Other Advisory URL: http://pridels.blogspot.com/2006/04/totalcalendar-remote-code-execution.html
ISS X-Force ID: 25878
FrSIRT Advisory: ADV-2006-1418
CVE ID: CVE-2006-1922
Bugtraq ID: 17618
Bugtraq ID: 25878