CVE-2006-5263

Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.

Score7.5
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2006-10-12 06:07:00.000-04
Last Modified2017-10-18 09:29:31.000-04

Vulnerable Software List

VendorProductVersions
Phpmyagenda Phpmyagenda 3.1 beta 1

References

SourceLink
BID20453
VUPENADV-2006-4005
XFphpmyagenda-header-file-include(29413)
EXPLOIT-DB2500