Release DateMar 14, 2007 |
Severitylow |
ImpactThe execution of arbitrary PHP code on the system. |
DescriptionIt indicates a possible exploit of a PHP remote file inclusion vulnerability in ACal.This flaw is due to an input validation error in the "embed/day.php" script that does not validate the "path" parameter. |
Affected ProductsACal ACal 2.2.6ACal ACal 2.2.5 ACal ACal 2.2.4 |
Recommended ActionsCurrently we are not aware of any official supplied fix for this issue. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2006-2261 |
Reference/shttp://www.frsirt.com/english/advisories/2006/1692 (FrSIRT)http://www.securityfocus.com/bid/17886 (BugTraq) |
