cbcvebase.
CVE-2006-1291
published 2006-03-19

CVE-2006-1291: publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which…

PriorityP352high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
6.93%
93.3th percentile
publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character.

Affected

7 ranges
VendorProductVersion rangeFixed in
php_icalendarphp_icalendar<= 2.2.1
php_icalendarphp_icalendar
php_icalendarphp_icalendar
php_icalendarphp_icalendar
php_icalendarphp_icalendar
php_icalendarphp_icalendar
php_icalendarphp_icalendar
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.