Vulnerabilities > CVE-2006-7055 - Unspecified vulnerability in Sweetphp Totalcalendar
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN sweetphp
exploit available
Summary
PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | TotalCalendar <= 2.30 (inc) Remote File Include Vulnerability. CVE-2006-7055. Webapps exploit for php platform |
| file | exploits/php/webapps/1753.txt |
| id | EDB-ID:1753 |
| last seen | 2016-01-31 |
| modified | 2006-05-05 |
| platform | php |
| port | |
| published | 2006-05-05 |
| reporter | Aesthetico |
| source | https://www.exploit-db.com/download/1753/ |
| title | TotalCalendar <= 2.30 inc Remote File Include Vulnerability |
| type | webapps |
References
- http://securityreason.com/securityalert/2290
- http://sweetphp.com/files/downloads/patches/TotalCalendar/Security_Patch.zip
- http://sweetphp.com/nuke/index.php
- http://www.osvdb.org/25237
- http://www.securityfocus.com/archive/1/431866/30/5370/threaded
- http://www.securityfocus.com/bid/17618
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25878
- https://www.exploit-db.com/exploits/1753
- http://securityreason.com/securityalert/2290
- https://www.exploit-db.com/exploits/1753
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25878
- http://www.securityfocus.com/bid/17618
- http://www.securityfocus.com/archive/1/431866/30/5370/threaded
- http://www.osvdb.org/25237
- http://sweetphp.com/nuke/index.php
- http://sweetphp.com/files/downloads/patches/TotalCalendar/Security_Patch.zip