CVE-2006-1292

PHP iCalendar <2.21 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1292. PoCs published by rgod.

AI-analyzed exploit summary: This exploit leverages a local file inclusion vulnerability in PHP iCalendar <=2.21 by injecting malicious PHP code into Apache log files via HTTP headers and then including the log file through manipulated cookie values. The exploit uses null byte injection to bypass path restrictions and achieve remote command execution.

Description

Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by rgod · php · webapps · php
https://www.exploit-db.com/exploits/1585

Classification
Working PoC: 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: PHP iCalendar <=2.21
No auth needed
Prerequisites: Target must have PHP iCalendar <=2.21 installed · Apache log files must be writable and accessible via the vulnerability · PHP must be configured to allow file inclusion via cookies
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
http://www.securityfocus.com/bid/17125 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
http://secunia.com/advisories/19285 (Third Party Advisory; third-party-advisory, x_refsource_secunia)
http://www.vupen.com/english/advisories/2006/1019 (Third Party Advisory; vdb-entry, x_refsource_vupen)
https://www.exploit-db.com/exploits/1585 (Exploit, Third Party Advisory; exploit, x_refsource_exploit-db)

Scores

EPSS 0.0278
EPSS Percentile 84.5%

Details

Status published
Products (7)
php_icalendar/php_icalendar 2.0
php_icalendar/php_icalendar 2.0.1
php_icalendar/php_icalendar 2.0a2
php_icalendar/php_icalendar 2.0b
php_icalendar/php_icalendar 2.0c
php_icalendar/php_icalendar 2.1
php_icalendar/php_icalendar < 2.2.1
Published Mar 19, 2006
Tracked Since Feb 18, 2026