Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the cookie_language parameter in a phpicalendar_* cookie, a different vector than CVE-2006-1292.
CPE | Name | Operator | Version |
---|---|---|---|
phpicalendar | eq | 2.22 | |
phpicalendar | eq | 2.21 | |
phpicalendar | eq | 2.23 rc1 | |
phpicalendar | le | 2.24 | |
phpicalendar | eq | 2.2 | |
phpicalendar | eq | 0.9 | |
phpicalendar | eq | 2.0.1 | |
phpicalendar | eq | 2.23 | |
phpicalendar | eq | 1.1 | |
phpicalendar | eq | 0.8 |