This vulnerability has been flagged as being a Myth/Fake.
Timeline
Disclosure Date
2006-06-13
Description
Ltwcalendar has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the calendar.php script not properly sanitizing user input supplied to the 'ltw_config[include_dir]' variable. However, subsequent testing by CVE staff have determined that "the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an include() statement."
Classification
Location:
Remote / Network Access
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
OSVDB:
Web Related,
Myth / Fake
Solution
The vulnerability reported is incorrect. No solution required.
bsdmail.org -
