cbcvebase.
CVE-2006-4458
published 2006-08-31

CVE-2006-4458: Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary…

PriorityP333medium6.4CVSS 2.0
AVNACLAuNCPIPAN
EXPLOIT
EPSS
3.19%
86.5th percentile
Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter.

Affected

1 ranges
VendorProductVersion rangeFixed in
phpgroupwarephpgroupware
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.