CVE-2006-2762 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-2762
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-2762

Description: PHP remote file inclusion vulnerability in includes/config.php in WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter, which is remotely accessed in an fopen call whose results are used to define a user_inc setting that is used in an include_once call.

CVE Status: Candidate

References: ST 1016179 SREASON http://securityreason.com/securityalert/1019 SAID Secunia Advisory: SA20367 Secunia Advisory: SA20542 OSVDB 25842 DEBIAN http://www.debian.org/security/2006/dsa-1096 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/436263/100/0/threaded http://www.securityfocus.com/archive/1/435379 BID 18175

Return to the previous page.