Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
phpicalendar 授权问题漏洞
Vulnerability Description
PHP iCalendar 2.3.4,2.24及之前版本中的admin/index.php并不要求对增加更新操作进行管理身份认证,这使得远程攻击者可以上传一个有任意内容的日历文件(又称.ics)到web根外的calendars/directory。
CVSS Information
N/A
Vulnerability Type
N/A