Vulnerabilities > Phpicalendar > Phpicalendar > 2.23
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-01-26 | CVE-2008-5968 | Path Traversal vulnerability in PHPicalendar Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2009-01-26 | CVE-2008-5967 | Improper Authentication vulnerability in PHPicalendar admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root. | 7.5 |
2009-01-05 | CVE-2008-5840 | Permissions, Privileges, and Access Controls vulnerability in PHPicalendar and PHPicalendar2.0 PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpicalendar and phpicalendar_login cookies to 1. | 7.5 |