Detections
Analytics

CVE-2006-0648

critical

Description

Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24591

http://www.vupen.com/english/advisories/2006/0493

http://www.securityfocus.com/bid/16557

http://www.securityfocus.com/archive/1/424424/100/0/threaded

http://securityreason.com/securityalert/420

http://secunia.com/advisories/18778

http://phpicalendar.net/forums/viewtopic.php?t=396

Details

Source: Mitre, NVD

Published: 2006-02-13

Updated: 2018-10-19

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical