Directory traversal vulnerability in index.php in Simple PHP Agenda 2.2.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
Software | From | Fixed in |
---|---|---|
simple_php_agenda / simple_php_agenda | - | 2.2.4.x |
simple_php_agenda / simple_php_agenda | 2.0.0 | 2.0.0.x |
simple_php_agenda / simple_php_agenda | 2.1.0 | 2.1.0.x |
simple_php_agenda / simple_php_agenda | 2.2.0 | 2.2.0.x |
simple_php_agenda / simple_php_agenda | 2.2.1 | 2.2.1.x |
simple_php_agenda / simple_php_agenda | 2.2.2 | 2.2.2.x |
simple_php_agenda / simple_php_agenda | 2.2.3 | 2.2.3.x |