CVE-2004-0016 Information

Description

The calendar module for phpgroupware 0.9.14 does not enforce the \save extension\ feature for holiday files which allows remote attackers to create and execute PHP files.

Reference

http://www.debian.org/security/2004/dsa-419 http://www.osvdb.org/6860 http://www.securityfocus.com/bid/9387 https://exchange.xforce.ibmcloud.com/vulnerabilities/13489