Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-5967
Last Modified 05 Feb 2009 01:52:49
Published 26 Jan 2009 03:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5967

Summary

admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.

Vulnerable Systems

Application

  • Phpicalendar 0.7

  • Phpicalendar 0.8

  • Phpicalendar 0.9

  • Phpicalendar 0.9.5

  • Phpicalendar 1.0

  • Phpicalendar 1.1

  • Phpicalendar 2.0

  • Phpicalendar 2.0.1

  • Phpicalendar 2.0c

  • Phpicalendar 2.1

  • Phpicalendar 2.2

  • Phpicalendar 2.21

  • Phpicalendar 2.22

  • Phpicalendar 2.23

  • Phpicalendar 2.24

  • Phpicalendar 2.3.4


References

XF - phpicalendar-index-file-upload(48323)

SECUNIA - 31944

MILW0RM - 6519


Last Updated: 27 May 2016 10:49:00