CVE-2005-3366

Опубликовано: 30 окт. 2005

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie. NOTE: this is not a cross-site scripting (XSS) issue as claimed by the original researcher.

Ссылки

http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0512.html
Exploit
Patch
Vendor Advisory
http://marc.info/?l=bugtraq&m=113025930517426&w=2
http://secunia.com/advisories/17328/
Vendor Advisory
http://securityreason.com/securityalert/113
http://securitytracker.com/id?1015102
http://www.securityfocus.com/bid/15193
http://www.ush.it/2005/10/25/php-icalendar-css/
Exploit
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2005/2204
https://exchange.xforce.ibmcloud.com/vulnerabilities/22864
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0512.html
Exploit
Patch
Vendor Advisory
http://marc.info/?l=bugtraq&m=113025930517426&w=2
http://secunia.com/advisories/17328/
Vendor Advisory
http://securityreason.com/securityalert/113
http://securitytracker.com/id?1015102
http://www.securityfocus.com/bid/15193
http://www.ush.it/2005/10/25/php-icalendar-css/
Exploit
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2005/2204
https://exchange.xforce.ibmcloud.com/vulnerabilities/22864

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:php_icalendar:php_icalendar:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:php_icalendar:php_icalendar:2.0a2:*:*:*:*:*:*:*

cpe:2.3:a:php_icalendar:php_icalendar:2.0b:*:*:*:*:*:*:*

cpe:2.3:a:php_icalendar:php_icalendar:2.0c:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.03833

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-g8c8-8m7v-7v94

github

почти 4 года назад