Exposures › CVE-2026-48939
iCagenda allows arbitrary file uploads leading to PHP code execution via its attachment feature.
This vulnerability enables attackers to upload malicious PHP files through the file attachment feature, resulting in remote code execution. DIB organizations must ensure iCagenda is patched and verify upload restrictions to prevent unauthorized code execution.
Shame score — The vulnerability allows arbitrary file uploads leading to PHP code execution, which is a significant security risk for systems handling sensitive data.
iCagenda contains an unrestricted upload of file with dangerous type vulnerability that allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.
No correlated FedRAMP products.