Main
Vulnerability Database
Exploits
ID:12815 - Exploit for Arbitrary file upload in iCagenda - CVE-2026-48939
ID:12815 - Exploit for Arbitrary file upload in iCagenda - CVE-2026-48939
Published: July 17, 2026
Vulnerability identifier: #VU138307
Vulnerability risk: Critical
CVE-ID: CVE-2026-48939
CWE-ID: CWE-434
Exploitation vector: Remote access
Vulnerable software:
iCagenda
iCagenda
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload. A remote non-authenticated attacker can upload a malicious PHP file and execute it on the server.
Remediation
Install updates from vendor's website.