7.5
CVE-2006-1291
- EPSS 5.23%
- Veröffentlicht 19.03.2006 23:02:00
- Zuletzt bearbeitet 16.04.2026 00:27:16
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Loginpublish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Php Icalendar ≫ Php Icalendar Version <= 2.2.1
Php Icalendar ≫ Php Icalendar Version2.0
Php Icalendar ≫ Php Icalendar Version2.0.1
Php Icalendar ≫ Php Icalendar Version2.0a2
Php Icalendar ≫ Php Icalendar Version2.0b
Php Icalendar ≫ Php Icalendar Version2.0c
Php Icalendar ≫ Php Icalendar Version2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.23% | 0.897 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|