Directory traversal

Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the cookielanguage parameter in a phpicalendar cookie, a different vector than CVE-2006-1292...

PHP iCalendar 2.24 - 'cookie_language' Local File Inclusion / Arbitrary File Upload

'.$lang'lcalfile'.' '.$filenumber.': '.$lang'lactionsuccess'.''; 84. else 85. $addupdatemsg = $addupdatemsg...