PHP iCalendar Local File Inclusion
High Nessus Network Monitor Plugin ID 3479
SynopsisThe remote host is vulnerable to multiple attack vectors.
DescriptionThe remote host is running PHP iCalendar, an open-source PHP blog. This version of iCalendar is vulnerable to a flaw wherein a local user can gain access to confidential data by requesting the data from the iCalendar application. Successful exploitation would lead to a local user gaining access to confidential data. In addition, the remote host is vulnerable to a remote file upload flaw. An attacker exploiting this flaw would be able to manipulate the application into uploading and executing potentially malicious scripts.
SolutionNo solution is known at this time.