Vulnerabilities > CVE-2006-4135 - Unspecified vulnerability in Vincent HOR Calendarix
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
PHP remote file inclusion vulnerability in cal_config.inc.php in Calendarix 0.7.20060401 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the calpath parameter. NOTE: this issue has been disputed by a third party, who says that the affected $calpath variable is set to a constant value in the beginning of the script. CVE concurs that the initial report is invalid
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://www.securityfocus.com/archive/1/443152/100/0/threaded
- http://www.attrition.org/pipermail/vim/2006-August/000975.html
- http://securitytracker.com/id?1016694
- http://www.osvdb.org/28284
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28349
- http://www.securityfocus.com/archive/1/443292/100/0/threaded
- http://www.securityfocus.com/archive/1/443225/100/0/threaded
- http://www.securityfocus.com/archive/1/443018/100/0/threaded