High severity8.8NVD Advisory· Published Dec 4, 2019· Updated Jun 17, 2026
CVE-2019-18346
CVE-2019-18346
Description
A CSRF issue was discovered in DAViCal through 1.1.8. If an authenticated user visits an attacker-controlled webpage, the attacker can send arbitrary requests in the name of the user to the application. If the attacked user is an administrator, the attacker could for example add a new admin user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- DAViCal/DAViCaldescription
Patches
Vulnerability mechanics
References
10- hackdefense.com/publications/cve-2019-18346-davical-caldav-server-vulnerability/nvdExploitThird Party Advisory
- packetstormsecurity.com/files/155629/DAViCal-CalDAV-Server-1.1.8-Cross-Site-Request-Forgery.htmlnvdThird Party Advisory
- seclists.org/fulldisclosure/2019/Dec/17nvdThird Party Advisory
- seclists.org/fulldisclosure/2019/Dec/18nvdThird Party Advisory
- seclists.org/fulldisclosure/2019/Dec/19nvdThird Party Advisory
- gitlab.com/davical-project/davical/blob/master/ChangeLognvdRelease NotesThird Party Advisory
- www.davical.orgnvdProduct
- lists.debian.org/debian-lts-announce/2019/12/msg00016.htmlnvd
- seclists.org/bugtraq/2019/Dec/30nvd
- www.debian.org/security/2019/dsa-4582nvd
News mentions
0No linked articles in our index yet.