CVE-2006-5263

Name of the Vulnerable Software and Affected Versions phpMyAgenda versions 3.1 and earlier

Description The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. This can be demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.

Recommendations For phpMyAgenda versions 3.1 and earlier, consider restricting access to the templates/header.php3 file until a patch is available. As a temporary workaround, avoid using the language parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.