CVE-2008-5968

Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cookie_language parameter in a phpicalendar_* cookie, a different vector than CVE-2006-1292.
Configurations

Configuration 1

cpe:2.3:a:phpicalendar:phpicalendar:2.22:*:*:*:*:*:*:*
cpe:2.3:a:phpicalendar:phpicalendar:2.21:*:*:*:*:*:*:*
cpe:2.3:a:phpicalendar:phpicalendar:2.23:rc1:*:*:*:*:*:*
cpe:2.3:a:phpicalendar:phpicalendar:*:*:*:*:*:*:*:*
cpe:2.3:a:phpicalendar:phpicalendar:2.2:*:*:*:*:*:*:*
cpe:2.3:a:phpicalendar:phpicalendar:0.9:*:*:*:*:*:*:*
cpe:2.3:a:phpicalendar:phpicalendar:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:phpicalendar:phpicalendar:2.23:*:*:*:*:*:*:*
cpe:2.3:a:phpicalendar:phpicalendar:1.1:*:*:*:*:*:*:*
cpe:2.3:a:phpicalendar:phpicalendar:0.8:*:*:*:*:*:*:*
cpe:2.3:a:phpicalendar:phpicalendar:2.1:*:*:*:*:*:*:*
cpe:2.3:a:phpicalendar:phpicalendar:2.0:beta:*:*:*:*:*:*
cpe:2.3:a:phpicalendar:phpicalendar:1.0:*:*:*:*:*:*:*
cpe:2.3:a:phpicalendar:phpicalendar:2.0c:*:*:*:*:*:*:*
cpe:2.3:a:phpicalendar:phpicalendar:0.7:*:*:*:*:*:*:*
cpe:2.3:a:phpicalendar:phpicalendar:0.9.5:*:*:*:*:*:*:*

Information

Published : 2009-01-26 08:30

Updated : 2017-10-19 01:30


NVD link : CVE-2008-5968

Mitre link : CVE-2008-5968

Products Affected
No products.
CWE