CVE-2008-5968

PHP iCalendar <2.24 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in print.php in PHP iCalendar 2.24 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cookie_language parameter in a phpicalendar_* cookie, a different vector than CVE-2006-1292.

Exploits (1)

exploitdb WORKING POC VERIFIED

by EgiX · phpwebappsphp

https://www.exploit-db.com/exploits/6519

View Code ZIP pw:eip

References (2)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/48322

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6519

Scores

EPSS 0.0290

EPSS Percentile 86.4%

Details

CWE

CWE-22

Status published

Products (15)

phpicalendar/phpicalendar 0.7

phpicalendar/phpicalendar 0.8

phpicalendar/phpicalendar 0.9

phpicalendar/phpicalendar 0.9.5

phpicalendar/phpicalendar 1.0

phpicalendar/phpicalendar 1.1

phpicalendar/phpicalendar 2.0 beta

phpicalendar/phpicalendar 2.0.1

phpicalendar/phpicalendar 2.0c

phpicalendar/phpicalendar 2.1

... and 5 more

Published Jan 26, 2009

Tracked Since Feb 18, 2026