CVE-2006-1292 - OpenCVE

Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Php Icalendar	Php Icalendar

Configuration 1 [-]

OR	cpe:2.3:a:php_icalendar:php_icalendar::::::::
	cpe:2.3:a:php_icalendar:php_icalendar:2.0:::::::*
	cpe:2.3:a:php_icalendar:php_icalendar:2.0.1:::::::*
	cpe:2.3:a:php_icalendar:php_icalendar:2.0a2:::::::*
	cpe:2.3:a:php_icalendar:php_icalendar:2.0b:::::::*
	cpe:2.3:a:php_icalendar:php_icalendar:2.0c:::::::*
	cpe:2.3:a:php_icalendar:php_icalendar:2.1:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/19285
http://www.securityfocus.com/bid/17125
http://www.vupen.com/english/advisories/2006/1019
https://www.exploit-db.com/exploits/1585

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-19T23:00:00

Updated: 2024-08-07T17:03:28.773Z

Reserved: 2006-03-19T00:00:00

Link: CVE-2006-1292

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-03-19T23:02:00.000

Modified: 2017-10-11T01:30:42.780

Link: CVE-2006-1292

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-15T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "17125", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17125"}, {"name": "19285", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19285"}, {"name": "ADV-2006-1019", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1019"}, {"name": "1585", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/1585"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1292", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "17125", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17125"}, {"name": "19285", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19285"}, {"name": "ADV-2006-1019", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1019"}, {"name": "1585", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/1585"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T17:03:28.773Z"}, "title": "CVE Program Container", "references": [{"name": "17125", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17125"}, {"name": "19285", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19285"}, {"name": "ADV-2006-1019", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1019"}, {"name": "1585", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/1585"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1292", "datePublished": "2006-03-19T23:00:00", "dateReserved": "2006-03-19T00:00:00", "dateUpdated": "2024-08-07T17:03:28.773Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php_icalendar:php_icalendar:*:*:*:*:*:*:*:*", "matchCriteriaId": "0696F5DB-5ECE-459B-8144-6BC8D22E07CD", "versionEndIncluding": "2.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:php_icalendar:php_icalendar:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B902EBA5-32AA-4944-A2CA-321ABB86839D", "vulnerable": true}, {"criteria": "cpe:2.3:a:php_icalendar:php_icalendar:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0C478599-DCFC-4FEA-BCCF-1E76BD27B1BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:php_icalendar:php_icalendar:2.0a2:*:*:*:*:*:*:*", "matchCriteriaId": "24EA9277-E46F-4EF6-84BB-9CBB444A82F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php_icalendar:php_icalendar:2.0b:*:*:*:*:*:*:*", "matchCriteriaId": "AC91C699-46E8-4700-B70D-014C00629F61", "vulnerable": true}, {"criteria": "cpe:2.3:a:php_icalendar:php_icalendar:2.0c:*:*:*:*:*:*:*", "matchCriteriaId": "1D831B19-C8BF-4BE8-AEC4-2E6846AE14D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:php_icalendar:php_icalendar:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "869538E6-ECAA-4768-9368-ECEA2CD9ADEF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php."}], "id": "CVE-2006-1292", "lastModified": "2017-10-11T01:30:42.780", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-19T23:02:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/19285"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17125"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1019"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/1585"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}