Intrusion Prevention

ACal.Arbitrary.Command.Execution

Description

It indicates a possible exploit of a PHP remote file inclusion vulnerability in ACal.
This flaw is due to an input validation error in the "embed/day.php" script that does not validate the "path" parameter.

Affected Products

ACal ACal 2.2.6
ACal ACal 2.2.5
ACal ACal 2.2.4

Impact

The execution of arbitrary PHP code on the system.

Recommended Actions

Currently we are not aware of any official supplied fix for this issue.

CVE References

CVE-2006-2261