Vulnerability details:
ACal edit.php Template Modification Arbitrary PHP Code Execution
Record created on 2006-01-12 15:34:50, last updated on 2008-03-02 23:55:04
ACal contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to a user with administrative rights on the application being able to edit the source code of the 'header.php' and 'footer.php' files. This may allow an attacker to add arbitrary PHP code to either file, which will then be executed whenever the page is visited or loaded normally.
An attacker must supply valid administrator authentication credentials in order to exploit this vulnerability.
Affected: ACal Calendar Project 2.2.5
Attack Type: Input Manipulation (XSS, SQL injection, file retrieval, directory traversal, overflows, URL encoding)
Discovered on: 2006-01-12 15:32:57
Exploit: Exploit Public
Exploit discovered on: 2006-01-12 07:00:00
Impact: Loss of Integrity. Assurance that data is unaltered by unauthorized persons. Examples: XSS, arbitrary command execution, most overflows, most format strings, SQL injection, unauthorized file modification/deletion/creation, remote file inclusion, etc.
Location: Remote / Network Access. If network access is required and exploit can be done remotely.
OSVDB: Web Related. The vulnerability is a web issue and will have an associated security check.
External refs: OSVDB 22345