PT-2006-4904 · Unknown · Visual Events Calendar

Mehmet Ince

Published

2006-08-10

Updated

2018-10-17

CVE-2006-4060

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Visual Events Calendar version 1.1

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the cfg dir parameter in the calendar.php file.

Recommendations For Visual Events Calendar version 1.1, consider restricting access to the calendar.php file or avoid using the cfg dir parameter until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4060

Affected Products

Visual Events Calendar

PT-2006-4904 · Unknown · Visual Events Calendar

CVE-2006-4060

Related Identifiers

Affected Products

References · 9