Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2006-08-31T10:00:00
Updated: 2024-08-07T19:14:46.914Z
Reserved: 2006-08-30T00:00:00
Link: CVE-2006-4458
Vulnrichment
No data.
NVD
Status : Modified
Published: 2006-08-31T10:04:00.000
Modified: 2024-11-21T00:15:59.750
Link: CVE-2006-4458
Redhat
No data.