PT-2006-4976 · Calendarix · Calendarix
Carsten Eilers · Published 2006-08-14 · Updated 2024-08-07 · CVE-2006-4135
CVSS v2.0: 7.5 (High)
Base vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Calendarix versions prior to 0.7.20060401
Description:
A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the `calpath` parameter. However, this issue has been disputed by a third party, who claims that the affected `$calpath` variable is set to a constant value at the beginning of the script.
Recommendations:
For Calendarix versions prior to 0.7.20060401, as a temporary workaround, consider restricting the use of the `calpath` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Related Identifiers
CVE-2006-4135
Affected Products
Calendarix
References · 10
- https://nvd.nist.gov/vuln/detail/CVE-2006-4135 · Security Note
- http://securityfocus.com/archive/1/443292/100/0/threaded · Note
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28349 · Note
- http://securityfocus.com/archive/1/443225/100/0/threaded · Note
- http://osvdb.org/28284 · Note
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4135 · Note
- http://securitytracker.com/id?1016694 · Note
- http://securityfocus.com/archive/1/443152/100/0/threaded · Note
- http://securityfocus.com/archive/1/443018/100/0/threaded · Note
- http://attrition.org/pipermail/vim/2006-August/000975.html · Note