mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-08 01:56:40 +02:00
0xMarcio
730 B
730 B
CVE-2008-5967
Description
admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.
POC
Reference
Github
No PoCs found on GitHub currently.