2 matches found
CVE-2006-1291
publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and...
CVE-2006-1291
CVE-2006-1291 affects PHP iCalendar versions prior to 2.25. The vulnerability allows remote attackers to upload and execute arbitrary PHP scripts by exploiting unauthenticated write access to the calendars directory via a WebDAV PUT request with a filename ending in .php plus a trailing null char...