publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and previous versions does not require authentication for write access to the calendars directory, which allows remote malicious users to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php icalendar php icalendar 2.0 |
||
php icalendar php icalendar 2.0.1 |
||
php icalendar php icalendar 2.0a2 |
||
php icalendar php icalendar 2.0b |
||
php icalendar php icalendar 2.0c |
||
php icalendar php icalendar 2.1 |
||
php icalendar php icalendar |