Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote malicious users to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fullrevolution aspwebcalendar2008 |