CVE-2005-3366

medium

Description

PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie. NOTE: this is not a cross-site scripting (XSS) issue as claimed by the original researcher.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/22864

http://www.vupen.com/english/advisories/2005/2204

http://www.securityfocus.com/bid/15193

http://securitytracker.com/id?1015102

http://securityreason.com/securityalert/113

http://secunia.com/advisories/17328/

http://marc.info/?l=bugtraq&m=113025930517426&w=2

Details

Source: Mitre, NVD

Published: 2005-10-30

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium