QwikSec

Security Database

CVE

CWE

Training

CVE-2006-0183

Published: Jan 12, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from the poor authentication as identified by CVE-2006-0182. Since the design of the product allows the administrator to edit the code, perhaps this issue should not be included in CVE, except as a consequence of CVE-2006-0182.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_OSVDB

third-party-advisory

x_refsource_SREASON

http://evuln.com/vulns/25/summary.html

x_refsource_MISC

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

20060112 [eVuln] ACal Authentication Bypass & PHP Code Insertion

mailing-list

x_refsource_BUGTRAQ

acal-header-footer-code-execute(24107)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.