PT-2006-1704 · Php · Php Icalendar

Aliaksandr Hartsuyeu · Published 2006-02-13 · Updated 2018-10-19 · CVE-2006-0648

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PHP iCalendar versions 2.0.1 through 2.2

Description

The issue allows remote attackers to include arbitrary files, potentially leading to security breaches. This is achieved through directory traversal vulnerabilities, specifically via the getdate parameter and possibly other parameters in the replace files function in search.php, as well as the $file variable in the parse function in functions/template.php.

Recommendations

For PHP iCalendar versions 2.0.1 through 2.2, consider restricting access to the replace files function in search.php and the parse function in functions/template.php to minimize the risk of exploitation. Avoid using the getdate parameter and the $file variable in the affected functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
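
A log check that supports the recommendations while no fixed version is known, as an added example that is not part of the original advisory or of PHP iCalendar: it flags requests to search.php whose getdate or other parameters carry a parent-directory segment, a NUL byte or an absolute path after repeated percent-decoding. The combined access-log format, the /calendar/ path, the numeric getdate value and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ".." path segment bounded by a slash, backslash or the string edge.
DOTDOT_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(line):
    """Names of search.php parameters whose values look like path traversal."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    try:
        url = urlsplit(m.group(1))
    except ValueError:  # malformed request target
        return []
    if not url.path.endswith("/search.php"):
        return []
    hits = []
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        value = fully_decode(raw)  # parse_qsl already decoded one layer
        if (DOTDOT_RE.search(value) or "\x00" in value
                or value.startswith(("/", "\\"))):
            hits.append(name)
    return hits

def scan(lines):
    """Return (line_number, parameter_names) for every flagged log line."""
    flagged = [(n, suspicious_params(l)) for n, l in enumerate(lines, 1)]
    return [(n, names) for n, names in flagged if names]

# Constructed sample log lines (documentation addresses, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Feb/2006:10:00:01 +0000] "GET /calendar/search.php?getdate=20060213 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [13/Feb/2006:10:02:17 +0000] "GET /calendar/search.php?getdate=..%2F..%2Fconstructed-sample HTTP/1.1" 200 812',
    '192.0.2.44 - - [13/Feb/2006:10:02:19 +0000] "GET /calendar/search.php?getdate=%252e%252e%252fconstructed-sample HTTP/1.1" 200 812',
    '192.0.2.10 - - [13/Feb/2006:10:03:40 +0000] "GET /calendar/month.php?getdate=20060301 HTTP/1.1" 200 9001',
]
```

Running `scan()` over historical logs shows whether such requests reached search.php before access was restricted; the same predicate can back a reject rule in front of the application.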


Related Identifiers

CVE-2006-0648

Affected Products

Php Icalendar