Description
admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.
| Release | Status | Note |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| gutsy | DNE | |
| hardy | DNE | |
| intrepid | ignored | end of life, was needed |
| jaunty | ignored | end of life |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| upstream | needs-triage | |
Source links
7.5 High
CVSS2