Detections
Analytics

PHP iCalendar index.php phpicalendar Parameter Remote File Inclusion

medium Nessus Plugin ID 20091

Language:

Synopsis

The remote web server contains a PHP script that is prone to a remote file include vulnerability.

Description

The remote host appears to be running PHP iCalendar, a web-based iCal file viewer / parser written in PHP.

The version of PHP iCalendar installed on the remote host fails to sanitize the 'phpicalendar' cookie before using it in 'index.php' to include PHP code from a separate file. By leveraging this flaw, an unauthenticated attacker may be able to view arbitrary files on the remote host and execute arbitrary PHP code, possibly taken from third-party hosts. Successful exploitation requires that PHP's 'magic_quotes' setting be disabled, that its 'allow_url_fopen' setting be enabled, or that an attacker be able to place PHP files on the remote host.

Solution

Upgrade to a version of PHP iCalendar later than 2.0.1 when it becomes available.

See Also

https://seclists.org/fulldisclosure/2005/Oct/527

Plugin Details

Severity: Medium

ID: 20091

File Name: phpicalendar_file_include.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 10/27/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:php_icalendar:php_icalendar

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 10/25/2005

Reference Information

CVE: CVE-2005-3366

BID: 15193