Lucene search
PRIOn knowledge basePRION:CVE-2006-1291HistoryMar 19, 2006 - 11:02 p.m.
Authentication flaw
2006-03-1923:02:00
PRIOn knowledge base
www.prio-n.com
1
publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character.
| CPE | Name | Operator | Version |
|---|---|---|---|
| php_icalendar | eq | 2.0.98 | |
| php_icalendar | eq | 2.0 | |
| php_icalendar | eq | 2.0.0-a2 | |
| php_icalendar | eq | 2.0.1 | |
| php_icalendar | le | 2.2.1 | |
| php_icalendar | eq | 2.1 | |
| php_icalendar | eq | 2.0.99 |
Related
nessus
nessus
PHP iCalendar publish.ical.php Arbitrary File Upload
2006-03-17 00:00:00
cvelist
cvelist
CVE-2006-1291
2006-03-19 23:00:00
cve
cve
CVE-2006-1291
2006-03-19 23:02:00
nvd
nvd
CVE-2006-1291
2006-03-19 23:02:00