CVE-2005-2155

EasyPHPCalendar 6.1.5 - Remote File Inclusion via serverPath Parameter


Exploitation Summary

EIP tracks 5 public exploits for CVE-2005-2155. PoCs published by Albania Security Clan.

AI-analyzed exploit summary: The provided text describes a remote file inclusion vulnerability in EasyPHPCalendar 6.1.5, where unsanitized user input allows arbitrary server-side script execution. The example URL demonstrates how an attacker could exploit this by including remote code via the 'serverPath' parameter.

Description

PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and earlier allows remote attackers to execute arbitrary code via the serverPath parameter.

Exploits (5)

exploitdb WRITEUP VERIFIED
by Albania Security Clan · text · webapps · php
https://www.exploit-db.com/exploits/25932

The provided text describes a remote file inclusion vulnerability in EasyPHPCalendar 6.1.5, where unsanitized user input allows arbitrary server-side script execution. The example URL demonstrates how an attacker could exploit this by including remote code via the 'serverPath' parameter.

Classification: Writeup 80%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: EasyPHPCalendar 6.1.5
No auth needed
Prerequisites: Access to the vulnerable endpoint · Remote server hosting malicious code
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Albania Security Clan · text · webapps · php
https://www.exploit-db.com/exploits/25929

The code describes a remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 due to improper input sanitization. An attacker can exploit this by injecting a remote URL into the 'serverPath' parameter to execute arbitrary server-side script code.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: EasyPHPCalendar 6.1.5
No auth needed
Prerequisites: Remote server hosting malicious script · Network access to the target
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Albania Security Clan · text · webapps · php
https://www.exploit-db.com/exploits/25930

The provided text describes a remote file inclusion vulnerability in EasyPHPCalendar 6.1.5, where unsanitized user input in the 'serverPath' parameter allows arbitrary server-side script execution. The example URL demonstrates how an attacker could exploit this to include remote code.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: EasyPHPCalendar 6.1.5
No auth needed
Prerequisites: Access to the vulnerable parameter in the URL · Remote server hosting malicious script
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Albania Security Clan · text · webapps · php
https://www.exploit-db.com/exploits/25931

The provided text describes a remote file inclusion vulnerability in EasyPHPCalendar 6.1.5, where unsanitized user input allows arbitrary server-side script execution. The example URL demonstrates how an attacker could exploit this by injecting a remote script path.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: EasyPHPCalendar 6.1.5
No auth needed
Prerequisites: Network access to the target server · PHP remote file inclusion enabled on the server
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Albania Security Clan · text · webapps · php
https://www.exploit-db.com/exploits/25928

The provided text describes a remote file inclusion vulnerability in EasyPHPCalendar version 6.1.5, where unsanitized user input allows arbitrary server-side script execution. The example URL demonstrates how an attacker could exploit this by injecting a remote code path.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: EasyPHPCalendar 6.1.5
No auth needed
Prerequisites: Remote server hosting malicious script · Network access to the target
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15893

Scores

EPSS 0.0340
EPSS Percentile 87.3%

Details

Status published
Products (1)
easyphpcalendar/easyphpcalendar 6.1.5
Published Jul 06, 2005
Tracked Since Feb 18, 2026