7.5

CVE-2006-1291

Exploit

EPSS 6.93%
Veröffentlicht 19.03.2006 23:02:00
Zuletzt bearbeitet 16.06.2026 22:22:22
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

NVD 7 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Php Icalendar ≫ Php Icalendar Version <= 2.2.1

Php Icalendar ≫ Php Icalendar Version2.0

Php Icalendar ≫ Php Icalendar Version2.0.1

Php Icalendar ≫ Php Icalendar Version2.0a2

Php Icalendar ≫ Php Icalendar Version2.0b

Php Icalendar ≫ Php Icalendar Version2.0c

Php Icalendar ≫ Php Icalendar Version2.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.93%	0.933

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://downloads.securityfocus.com/vulnerabilities/exploits/php-iCalendar-221.upload.php

Exploit

http://secunia.com/advisories/19285

http://www.securityfocus.com/bid/17129

Exploit

http://www.vupen.com/english/advisories/2006/1019

https://www.exploit-db.com/exploits/1586

https://nvd.nist.gov/vuln/detail/CVE-2006-1291

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-1291

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-1291

EUVD