Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> PHP-Calendar Remote File Include Vulnerability


Vulnerability Assessment Details

PHP-Calendar Remote File Include Vulnerability

Vulnerability Assessment Summary
Acertains if PHP-Calendar can include third-party files

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains a PHP script that is affected by a
remote file include vulnerability.

Description :

The remote web server is running PHP-Calendar, a web-based calendar
written in PHP.

The remote version of this software is vulnerable to a file inclusion
flaw which may permit a possible hacker to execute arbitrary PHP commands on
the remote host.

See also :

http://www.gulftech.org/?node=research&article_id=00060-12292004
http://archives.neohapsis.com/archives/bugtraq/2004-12/0441.html
http://sourceforge.net/project/shownotes.php?release_id=296020&group_id=46800

Solution :

Upgrade to PHP-Calendar version 0.10.1 or later.

Network Security Threat Level:

High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)

Networks Security ID: 12127, 20657

Vulnerability Assessment Copyright: This script is Copyright (C) 2004-2006 Tenable Network Security

Cables, Connectors


ASUS PRIME Q270M-C MOTHERBOARD INTEL LGA1151 DDR4 M.2 INTEL OPTANE I/O SHIELD picture

ASUS PRIME Q270M-C MOTHERBOARD INTEL LGA1151 DDR4 M.2 INTEL OPTANE I/O SHIELD

$39.99



*8th + 9th Gen Only* Gigabyte Q370M D3H GSM PLUS LGA 1151 mATX Motherboard picture

*8th + 9th Gen Only* Gigabyte Q370M D3H GSM PLUS LGA 1151 mATX Motherboard

$55.99



Gigabyte B560 DS3H AC IntelB560 LGA 1200 ATX Desktop Motherboard B  picture

Gigabyte B560 DS3H AC IntelB560 LGA 1200 ATX Desktop Motherboard B

$59.99



Gigabyte B560 DS3H AC Intel LGA 1200 DDR4 ATX Motherboard picture

Gigabyte B560 DS3H AC Intel LGA 1200 DDR4 ATX Motherboard

$69.95



GIGABYTE B450M GAMING X Motherboard W/AMD CPU Ryzen 5 3600@3.6GHz w/Heatsink Kit picture

GIGABYTE B450M GAMING X Motherboard W/AMD CPU Ryzen 5 3600@3.6GHz w/Heatsink Kit

$109.99



ASRock B550M-C AMD AM4 DDR4 microATX Motherboard picture

ASRock B550M-C AMD AM4 DDR4 microATX Motherboard

$79.95



MSI PRO Z690-A WIFI DDR4 INTEL PCIE 5.0 WiFi 6E ATX Motherboard picture

MSI PRO Z690-A WIFI DDR4 INTEL PCIE 5.0 WiFi 6E ATX Motherboard

$89.99



NEW MSI A520M-A PRO AM4 AMD A520 USB3.2 Gen1 Micro-ATX Motherboard picture

NEW MSI A520M-A PRO AM4 AMD A520 USB3.2 Gen1 Micro-ATX Motherboard

$58.98



(Factory Refurbished) GIGABYTE B660 DS3H AC DDR4 INTEL LGA 1700 ATX MOTHERBOARD picture

(Factory Refurbished) GIGABYTE B660 DS3H AC DDR4 INTEL LGA 1700 ATX MOTHERBOARD

$79.99



Gigabyte B650 Aorus Elite Ax V2 (am5/ Lga 1718/ Amd/ B650/ Atx/ 5-year Warranty picture

Gigabyte B650 Aorus Elite Ax V2 (am5/ Lga 1718/ Amd/ B650/ Atx/ 5-year Warranty

$159.99



Discussions

No Discussions have been posted on this vulnerability.