PHP iCalendar Local File Inclusion

High Nessus Network Monitor Plugin ID 3479


The remote host is vulnerable to multiple attack vectors.


The remote host is running PHP iCalendar, an open-source PHP blog. This version of iCalendar is vulnerable to a flaw in which a local user can gain access to confidential data by requesting the data from the iCalendar application. In addition, the remote host is vulnerable to a remote file upload flaw. An attacker exploiting this flaw would be able to manipulate the application into uploading and executing potentially malicious scripts.


No solution is known at this time.

Plugin Details

Severity: High

ID: 3479

Family: CGI

Published: 2006/03/17

Modified: 2016/01/21

Dependencies: 1442

Nessus ID: 17125, 17129

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:W/RC:ND


Base Score: 7.3

Temporal Score: 6.9


Temporal Vector: CVSS3#E:F/RL:W/RC:X

Vulnerability Information

CPE: cpe:/a:php_icalendar:php_icalendar

Reference Information

CVE: CVE-2006-1291, CVE-2005-0244, CVE-2005-0246, CVE-2005-0227, CVE-2005-0245, CVE-2005-0247, CVE-2006-1292

BID: 12411, 12417, 17125, 17129