CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Phpicalendar: >> Phpicalendar >> 2.24 Security Vulnerabilities

CVE-2008-5967

admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.

CVSS Score

7.5

EPSS Score

0.018

Published

2009-01-26

Page 1

Vulnerabilities

Vulnerable Software

Phpicalendar: >> Phpicalendar >> 2.24 Security Vulnerabilities

Products

Pricing

Contact Us