3 matches found
CVE-2008-5967
admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar aka .ics file with arbitrary content to the calendars/ directory outside the web root...
CVE-2008-5967
admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar aka .ics file with arbitrary content to the calendars/ directory outside the web root...
CVE-2008-5967
CVE-2008-5967 affects PHP iCalendar up to version 2.x. The issue is that admin/index.php does not require administrative authentication for an addupdate action, enabling remote attackers to upload a calendar (.ics) file with arbitrary content to the calendars/ directory outside the web root. This...