CVE-2006-6634

Name of the Vulnerable Software and Affected Versions ExtCalThai (com extcalendar) versions 0.9.1 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in several parameters, including the CONFIG EXT[LANGUAGES DIR] parameter to "admin events.php", the mosConfig absolute path parameter to "extcalendar.php", or the CONFIG EXT[LIB DIR] parameter to "lib/mail.inc.php".

Recommendations For ExtCalThai (com extcalendar) versions 0.9.1 and earlier, consider disabling the vulnerable parameters CONFIG EXT[LANGUAGES DIR], mosConfig absolute path, and CONFIG EXT[LIB DIR] until a patch is available. Restrict access to the affected files "admin events.php", "extcalendar.php", and "lib/mail.inc.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.