Vulnerabilities > CVE-2006-1922 - Remote File Include vulnerability in Sweetphp Totalcalendar 2.0/2.1/2.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
| description | otalCalendar 0 about.php inc_dir Parameter Remote File Inclusion. CVE-2006-1922. Webapps exploit for php platform |
| id | EDB-ID:27693 |
| last seen | 2016-02-03 |
| modified | 2006-04-19 |
| published | 2006-04-19 |
| reporter | VietMafia |
| source | https://www.exploit-db.com/download/27693/ |
| title | otalCalendar - about.php inc_dir Parameter Remote File Inclusion |
References
- http://pridels0.blogspot.com/2006/04/totalcalendar-remote-code-execution.html
- http://secunia.com/advisories/19730
- http://sweetphp.com/files/downloads/patches/TotalCalendar/Security_Patch.zip
- http://www.osvdb.org/24748
- http://www.osvdb.org/24751
- http://www.securityfocus.com/bid/17618
- http://www.vupen.com/english/advisories/2006/1418