Unrated severityNVD Advisory· Published Feb 13, 2006· Updated Apr 16, 2026

CVE-2006-0648

Description

Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php.

Affected products

Php Icalendar/Phpicalendar3 versions
cpe:2.3:a:php_icalendar:php_icalendar:2.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:php_icalendar:php_icalendar:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php_icalendar:php_icalendar:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php_icalendar:php_icalendar:2.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/18778nvdPatchVendor Advisory
evuln.com/vulns/70/summary.htmlnvdExploitPatchVendor Advisory
phpicalendar.net/forums/viewtopic.phpnvd
securityreason.com/securityalert/420nvd
www.securityfocus.com/archive/1/424424/100/0/threadednvd
www.securityfocus.com/bid/16557nvd
www.vupen.com/english/advisories/2006/0493nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24591nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000