CVE-2006-4135

Name of the Vulnerable Software and Affected Versions Calendarix versions prior to 0.7.20060401

Description A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the calpath parameter. However, this issue has been disputed by a third party, who claims that the affected $calpath variable is set to a constant value at the beginning of the script.

Recommendations For Calendarix versions prior to 0.7.20060401, as a temporary workaround, consider restricting the use of the calpath parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.