CVE-2006-1291

php_icalendar < 2.2.1 - Unauthenticated Arbitrary File Upload via WebDAV PUT Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1291. PoCs published by rgod.

AI-analyzed exploit summary This exploit leverages a file upload vulnerability in phpICalendar <=2.21 by injecting a null byte to bypass file extension restrictions, allowing arbitrary PHP code execution via a crafted PUT request. The exploit then triggers the uploaded shell via a GET request to execute system commands.

Description

publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1586

View Code ZIP pw:eip

This exploit leverages a file upload vulnerability in phpICalendar <=2.21 by injecting a null byte to bypass file extension restrictions, allowing arbitrary PHP code execution via a crafted PUT request. The exploit then triggers the uploaded shell via a GET request to execute system commands.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: phpICalendar <=2.21

No auth needed

Prerequisites: phpicalendar_publishing set to 1 in config.inc.php · Access to the target's publish.ical.php endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit x_refsource_misc

http://downloads.securityfocus.com/vulnerabilities/exploits/php-iCalendar-221.upload.php

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/19285

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/1586

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/1019

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/17129

Scores

EPSS 0.0693

EPSS Percentile 93.3%

Details

Status published

Products (7)

php_icalendar/php_icalendar 2.0

php_icalendar/php_icalendar 2.0.1

php_icalendar/php_icalendar 2.0a2

php_icalendar/php_icalendar 2.0b

php_icalendar/php_icalendar 2.0c

php_icalendar/php_icalendar 2.1

php_icalendar/php_icalendar < 2.2.1

Published Mar 19, 2006

Tracked Since Feb 18, 2026