CVE-2008-5967

Name of the Vulnerable Software and Affected Versions PHP iCalendar versions 2.3.4, 2.24, and earlier

Description The issue allows remote attackers to upload a calendar file with arbitrary content to the calendars/ directory outside the web root, due to the lack of administrative authentication required for an addupdate action in the admin/index.php file.

Recommendations For PHP iCalendar versions 2.3.4, 2.24, and earlier, consider restricting access to the admin/index.php file until a patch is available, and ensure proper authentication mechanisms are in place for administrative actions.