Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PHP iCalendar Local File Inclusion

High

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running PHP iCalendar, an open-source PHP blog. This version of iCalendar is vulnerable to a flaw wherein a local user can gain access to confidential data by requesting the data from the iCalendar application. Successful exploitation would lead to a local user gaining access to confidential data. In addition, the remote host is vulnerable to a remote file upload flaw. An attacker exploiting this flaw would be able to manipulate the application into uploading and executing potentially malicious scripts.

Solution

No solution is known at this time.