CVE-2008-5967

2009-01-26T20:30:00
ID CVE-2008-5967
Type cve
Reporter cve@mitre.org
Modified 2017-10-19T01:30:00

Description

admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.