The calendar module for phpgroupware 0.9.14 does not enforce the save extension feature for holiday files, which allows remote attackers to create and execute PHP files.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Phpgroupware |
Phpgroupware |
0.9.14 |
0.9.14 |
References