Vulnerability Description
Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php Icalendar | Php Icalendar | 2.0 |
References
- http://evuln.com/vulns/70/summary.htmlExploitPatchVendor Advisory
- http://phpicalendar.net/forums/viewtopic.php?t=396
- http://secunia.com/advisories/18778PatchVendor Advisory
- http://securityreason.com/securityalert/420
- http://www.securityfocus.com/archive/1/424424/100/0/threaded
- http://www.securityfocus.com/bid/16557
- http://www.vupen.com/english/advisories/2006/0493
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24591
- http://evuln.com/vulns/70/summary.htmlExploitPatchVendor Advisory
- http://phpicalendar.net/forums/viewtopic.php?t=396
- http://secunia.com/advisories/18778PatchVendor Advisory
- http://securityreason.com/securityalert/420
- http://www.securityfocus.com/archive/1/424424/100/0/threaded
- http://www.securityfocus.com/bid/16557
- http://www.vupen.com/english/advisories/2006/0493
FAQ
What is CVE-2006-0648?
CVE-2006-0648 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replac...
How severe is CVE-2006-0648?
CVE-2006-0648 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0648?
Check the references section above for vendor advisories and patch information. Affected products include: Php Icalendar Php Icalendar.