CVE-2008-5967 Information

Description

admin/index.php in PHP iCalendar 2.3.4 2.24 and earlier does not require administrative authentication for an addupdate action which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.

Reference

http://secunia.com/advisories/31944 https://exchange.xforce.ibmcloud.com/vulnerabilities/48323 https://www.exploit-db.com/exploits/6519