CVE-2006-2570

Properties

Published: 23.05.2006
Updated: 25.05.2006
Patch available:
Severity: High
CVSS vector: (AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Product: CaLogic: CaLogic Calendars

Vulnerability description

PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS["CLPath"] parameter to (1) reconfig.php and (2) srxclr.php. NOTE: this might be due to a globals overwrite issue.

References:

http://www.milw0rm.com/exploits/1809
BID: http://www.securityfocus.com/bid/18076