Absolute Path Traversal and Server-Side Request Forgery Vulnerability in ICS Calendar
CVE-2023-46784
8.2HIGH
What is CVE-2023-46784?
The ICS Calendar by Room 34 Creative Services, LLC has been identified with vulnerabilities allowing for improper limitation of a pathname to a restricted directory and server-side request forgery. This situation permits attackers to exploit path traversal techniques, gaining unauthorized access to sensitive files stored within the system. Additionally, malicious users could perform server-side request forgery, potentially allowing them to interact with internal services in ways not intended by the developers. Affected versions include all prior to 10.12.0.3, posing significant risk to users if not addressed.
Affected Version(s)
ICS Calendar <= 10.12.0.3