mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-01 11:10:36 +00:00
730 B
730 B
CVE-2008-5967
Description
admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.
POC
Reference
Github
No PoCs found on GitHub currently.