4 matches found
CVE-2006-0183
Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via 1 the edit=header value, which modifies header.php, or 2 the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from th...
CVE-2006-0182
CVE-2006-0182 affects ACal Calendar Project 2.2.5. The vulnerability in login.php allows remote bypass of authentication by setting the ACalAuthenticate cookie to the literal value “inside,” enabling unauthorized access. Relatedly, CVE-2006-0183 in edit.php permits authenticated users to execute ...
CVE-2006-0182
login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside"...
Code injection
Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via 1 the edit=header value, which modifies header.php, or 2 the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from th...