CVE-2008-5967

CVE-2008-5967 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root.

Learn more about our Web App Pen Testing.