Vulnerabilities > CVE-2006-3041 - Unspecified vulnerability in Codewalkers Ltwcalendar 4.1.3
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter. NOTE: CVE disputes this claim, since the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an include() statement
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://securityreason.com/securityalert/1099
- http://securityreason.com/securityalert/1099
- http://www.attrition.org/pipermail/vim/2006-June/000866.html
- http://www.attrition.org/pipermail/vim/2006-June/000866.html
- http://www.osvdb.org/27452
- http://www.osvdb.org/27452
- http://www.securityfocus.com/archive/1/436996/100/0/threaded
- http://www.securityfocus.com/archive/1/436996/100/0/threaded