CVE-2006-1922
Published 2006-04-20
Priority: P340 · medium · 6.4 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 3.00% (85.7th percentile)
PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sweetphp | totalcalendar | <= 2.30 | — |
| sweetphp | totalcalendar | — | — |
| sweetphp | totalcalendar | — | — |
| sweetphp | totalcalendar | — | — |
| sweetphp | totalcalendar | — | — |
GHSA
GHSA-5vcw-72h8-x9g2: PHP remote file inclusion vulnerability in config
ghsa_unreviewed·2022-05-02·CVSS 6.4
CVE-2009-4928 [MEDIUM] CWE-94 GHSA-5vcw-72h8-x9g2: PHP remote file inclusion vulnerability in config
PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055.
GHSA
GHSA-3f7x-25p9-vp9m: PHP remote file inclusion vulnerability in index
ghsa_unreviewed·2022-05-01·CVSS 6.4
CVE-2006-7055 [MEDIUM] GHSA-3f7x-25p9-vp9m: PHP remote file inclusion vulnerability in index
PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922.
GHSA
GHSA-hv63-698c-9x4g: PHP remote file inclusion vulnerability in (1) about
ghsa_unreviewed·2022-05-01
CVE-2006-1922 [MEDIUM] GHSA-hv63-698c-9x4g: PHP remote file inclusion vulnerability in (1) about
PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.
No detection rules found.
No writeups or analysis indexed.
http://pridels0.blogspot.com/2006/04/totalcalendar-remote-code-execution.html
http://secunia.com/advisories/19730
http://sweetphp.com/files/downloads/patches/TotalCalendar/Security_Patch.zip
http://www.osvdb.org/24748
http://www.osvdb.org/24751
http://www.securityfocus.com/bid/17618
http://www.vupen.com/english/advisories/2006/1418