PT-2006-1261 · Acal · Acal Calendar Project

Aliaksandr Hartsuyeu

Published: 2006-01-12
Updated: 2018-10-19
CVE: CVE-2006-0183
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: ACal Calendar Project version 2.2.5

Description: A direct static code injection issue allows authenticated users to execute arbitrary PHP code. The injection goes through the edit parameter: edit=header writes the submitted content into header.php, and edit=footer writes it into footer.php, after which the modified file is executed by the application. The issue might be related to poor authentication.

Recommendations: For ACal Calendar Project version 2.2.5, consider restricting access to the edit.php file so that authenticated users cannot modify header.php and footer.php until a proper fix is applied. As a temporary workaround, limit the ability of administrators to edit code directly to minimize the risk of exploitation.
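The pattern behind this issue is an editor that writes submitted text into a .php file that the application later includes. The following is an added illustration, not ACal's code: a hypothetical edit handler that keeps the editable header/footer as plain data, restricts the edit parameter to an allowlist, checks the caller's role and a CSRF token, and escapes the content on output so that it is displayed rather than executed. File paths, session keys and the admin role name are assumptions.

```php
<?php
// Added illustration (not ACal's code). The vulnerable shape it replaces is
// file_put_contents($_GET['edit'] . '.php', $_POST['content']) followed by an
// include of that file. Here edited content is stored as data and rendered escaped.

declare(strict_types=1);
session_start();

// Assumed storage directory outside the web root; files carry a non-PHP extension.
const TEMPLATE_DIR = __DIR__ . '/../data/templates';
const ALLOWED_TARGETS = ['header', 'footer'];   // allowlist for the edit parameter

function require_admin(): void {
    // Assumption: the login code sets $_SESSION['role'] on successful authentication.
    if (($_SESSION['role'] ?? '') !== 'admin') {
        http_response_code(403);
        exit('Forbidden');
    }
}

function template_path(string $target): string {
    if (!in_array($target, ALLOWED_TARGETS, true)) {   // rejects header.php, ../x, etc.
        throw new InvalidArgumentException('unknown edit target');
    }
    return TEMPLATE_DIR . '/' . $target . '.txt';       // never a .php file
}

function save_template(string $target, string $content): void {
    require_admin();
    // CSRF token check; assumption: the token is issued with the edit form.
    if (!hash_equals($_SESSION['csrf'] ?? '', $_POST['csrf'] ?? '')) {
        http_response_code(400);
        exit('Bad request');
    }
    file_put_contents(template_path($target), $content, LOCK_EX);
}

function render_template(string $target): string {
    $path = template_path($target);
    $raw = is_file($path) ? file_get_contents($path) : '';
    // Escape on output: "<?php ... ?>" in the stored text is emitted as inert text.
    // If editors must be allowed HTML, pass the text through an HTML sanitizer instead.
    return nl2br(htmlspecialchars($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_GET['edit'])) {
    save_template((string)$_GET['edit'], (string)($_POST['content'] ?? ''));
}
echo render_template('header');
```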

Fix


Related Identifiers: CVE-2006-0183

Affected Products: Acal Calendar Project