Unrated severityNVD Advisory· Published Jan 12, 2006· Updated Apr 16, 2026

CVE-2006-0183

Description

Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from the poor authentication as identified by CVE-2006-0182. Since the design of the product allows the administrator to edit the code, perhaps this issue should not be included in CVE, except as a consequence of CVE-2006-0182.

Affected products

Acal/Calendar Project
cpe:2.3:a:acal:calendar_project:2.2.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

evuln.com/vulns/25/summary.htmlnvdVendor Advisory
secunia.com/advisories/18432nvd
securityreason.com/securityalert/343nvd
www.osvdb.org/22345nvd
www.securityfocus.com/archive/1/421744/100/0/threadednvd
www.vupen.com/english/advisories/2006/0152nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24107nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000