Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-mfgx-9ppg-hfqp

Опубликовано: 01 мая 2022
Источник: github
Github: Не прошло ревью

Описание

Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.

Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.

Ссылки

EPSS

Процентиль: 91%
0.07303
Низкий

CVE ID

CVE-2006-1292

Связанные уязвимости

nvd логотип

CVE-2006-1292

nvd
почти 20 лет назад

Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.

EPSS

Процентиль: 91%
0.07303
Низкий

CVE ID

CVE-2006-1292