Unrestricted File Upload Vulnerability in phpgroupware 0.9.14 Calendar Module

Unrestricted File Upload Vulnerability in phpgroupware 0.9.14 Calendar Module

CVE-2004-0016 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files.

Learn more about our Web Application Penetration Testing UK.