VID: 21866
Severity: 40
Port: 80, ...
Protocol: TCP
Class: CGI
Detailed Description:
PHP iCalendar is vulnerable to an arbitrary file upload vulnerability via the 'publish.ical.php' script. PHP iCalendar is a web-based calendar viewer and parser written in PHP. The 'publish.ical.php' script in PHP iCalendar version 2.21 and earlier does not require authentication for write access to the calendars directory, which allows a remote attacker to upload arbitrary files. By sending a specially crafted PUT request with a filename containing a NULL character in the 'X-WR-CALNAME' parameter to the 'publish.ical.php' script, a remote attacker could upload and execute arbitrary PHP scripts on the affected host.
* References:
  http://downloads.securityfocus.com/vulnerabilities/exploits/php-iCalendar-221.upload.php
  http://secunia.com/advisories/19285/
  http://www.milw0rm.com/exploits/1586
* Platforms Affected: PHP iCalendar version 2.21 and earlier versions; any operating system; any version
Recommendation:
No upgrade or patch available as of March 2006.
Upgrade to a version of PHP iCalendar greater than 2.21 when a fixed version becomes available from the SourceForge.net Download Web site at http://sourceforge.net/project/showfiles.php?group_id=62270
As a workaround, disable the calendar upload functionality by editing the application's 'config.inc.php' file and setting '$phpicalendar_publishing' to 0.
Related URL: CVE-2006-1291 (CVE)
Related URL: 17129 (SecurityFocus)
Related URL: (ISS)