PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 up to and including 2.0.1 allows remote malicious users to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie. NOTE: this is not a cross-site scripting (XSS) issue as claimed by the original researcher.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php icalendar php icalendar 2.0.1 |
||
php icalendar php icalendar 2.0a2 |
||
php icalendar php icalendar 2.0b |
||
php icalendar php icalendar 2.0c |