The calendar module for phpgroupware 0.9.14 does not enforce the save extension feature for holiday files, which allows remote attackers to create and execute PHP files.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phpgroupware | Phpgroupware | 0.9.14 (including) | 0.9.14 (including) |