Vulnerabilities > CVE-2006-6812 - Remote File Include vulnerability in Myphpcalendar 10.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or (3) convert-date.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | myPHPCalendar 10192000b (cal_dir) Remote File Include Vulnerabilities. CVE-2006-6812. Webapps exploit for php platform |
file | exploits/php/webapps/3019.txt |
id | EDB-ID:3019 |
last seen | 2016-01-31 |
modified | 2006-12-26 |
platform | php |
port | |
published | 2006-12-26 |
reporter | Cr@zy_King |
source | https://www.exploit-db.com/download/3019/ |
title | myPHPCalendar 10192000b cal_dir Remote File Include Vulnerabilities |
type | webapps |
Nessus
NASL family | CGI abuses |
NASL id | MYPHPCALENDAR_INJECTION.NASL |
description | The remote web server appears to be hosting myPHPCalender. The installed version contains a vulnerability that could allow an attacker to make the remote host include php files hosted on a third party server. An attacker may use this flaw to inject arbitrary code in the remote host and gain a shell with the privileges of the web server. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11877 |
published | 2003-10-12 |
reporter | This script is Copyright (C) 2003-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/11877 |
title | myPHPcalendar Multiple Scripts cal_dir Parameter Remote File Inclusion |
code |
|