CVE-2006-7055

Опубликовано: 24 фев. 2007

Источник: nvd

CVSS2: 6.8

EPSS Средний

Описание

PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922.

Ссылки

http://securityreason.com/securityalert/2290
http://sweetphp.com/files/downloads/patches/TotalCalendar/Security_Patch.zip
Patch
http://sweetphp.com/nuke/index.php
http://www.osvdb.org/25237
http://www.securityfocus.com/archive/1/431866/30/5370/threaded
http://www.securityfocus.com/bid/17618
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/25878
https://www.exploit-db.com/exploits/1753
http://securityreason.com/securityalert/2290
http://sweetphp.com/files/downloads/patches/TotalCalendar/Security_Patch.zip
Patch
http://sweetphp.com/nuke/index.php
http://www.osvdb.org/25237
http://www.securityfocus.com/archive/1/431866/30/5370/threaded
http://www.securityfocus.com/bid/17618
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/25878
https://www.exploit-db.com/exploits/1753

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sweetphp:totalcalendar:*:*:*:*:*:*:*:*

Версия до 2.30 (включая)

EPSS

Процентиль: 95%

0.19447

Средний

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-3f7x-25p9-vp9m

github

почти 4 года назад