Security Advisory

CVE-2006-1291

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2006-03-19 23:00:00

Last updated 2024-08-07 17:03:29

Assigner mitre

State PUBLISHED

Description

publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character.

← Browse all CVEs View on cve.org ↗