Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> PHP-Calendar Remote File Include Vulnerability


Vulnerability Assessment Details

PHP-Calendar Remote File Include Vulnerability

Vulnerability Assessment Summary
Acertains if PHP-Calendar can include third-party files

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains a PHP script that is affected by a
remote file include vulnerability.

Description :

The remote web server is running PHP-Calendar, a web-based calendar
written in PHP.

The remote version of this software is vulnerable to a file inclusion
flaw which may permit a possible hacker to execute arbitrary PHP commands on
the remote host.

See also :

http://www.gulftech.org/?node=research&article_id=00060-12292004
http://archives.neohapsis.com/archives/bugtraq/2004-12/0441.html
http://sourceforge.net/project/shownotes.php?release_id=296020&group_id=46800

Solution :

Upgrade to PHP-Calendar version 0.10.1 or later.

Network Security Threat Level:

High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)

Networks Security ID: 12127, 20657

Vulnerability Assessment Copyright: This script is Copyright (C) 2004-2006 Tenable Network Security

Cables, Connectors


IBM Power S822 8284-22A 12SFF Power8 3.89GHz 6Core 64GB RAM No HDD Server System picture

IBM Power S822 8284-22A 12SFF Power8 3.89GHz 6Core 64GB RAM No HDD Server System

$359.99



IBM Server System X3100 M4 | Xeon @ 3.10 Ghz | 8GB | 250GB HDD No OS (IG-PC26) picture

IBM Server System X3100 M4 | Xeon @ 3.10 Ghz | 8GB | 250GB HDD No OS (IG-PC26)

$96.01



IBM System X3250 M3 Server 8GB RAM Intel Xeon x3440 2.53ghz (NO HDD) picture

IBM System X3250 M3 Server 8GB RAM Intel Xeon x3440 2.53ghz (NO HDD)

$36.53



IBM x3650 M4 2x Xeon E5-2670 2.6ghz 16-Core / 64GB / M5110e / 2x PSU picture

IBM x3650 M4 2x Xeon E5-2670 2.6ghz 16-Core / 64GB / M5110e / 2x PSU

$229.99



IBM System x3550 M3 Dual Intel Xeon X5650 @2.67GHz 32GB RAM No HDD picture

IBM System x3550 M3 Dual Intel Xeon X5650 @2.67GHz 32GB RAM No HDD

$74.50



ibm server z series picture

ibm server z series

$16000.00



IBM System X3100 M5 (PN: 5457-AC1) Server picture

IBM System X3100 M5 (PN: 5457-AC1) Server

$275.00



Lenovo x3550 M5 Server - 120Gb SSD/3x300Gb SAS, 32GB Ram, 2x3.5Ghz CPUs, Proxmox picture

Lenovo x3550 M5 Server - 120Gb SSD/3x300Gb SAS, 32GB Ram, 2x3.5Ghz CPUs, Proxmox

$280.00



NEW IBM Q Radar xx29 2x Xeon E5-2667 v4 3.2ghz 16-Cores / 128gb / M5120 RAID picture

NEW IBM Q Radar xx29 2x Xeon E5-2667 v4 3.2ghz 16-Cores / 128gb / M5120 RAID

$529.99



IBM x3250 M4 1U Server With Four 2.5

IBM x3250 M4 1U Server With Four 2.5" Drive Bays

$299.99



Discussions

No Discussions have been posted on this vulnerability.