CVE-2008-5840 – PHP iCalendar 2.24 - Insecure Cookie Handling

https://notcve.org/view.php?id=CVE-2008-5840

PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpicalendar and phpicalendar_login cookies to 1. PHP iCalendar v2.24 y anteriores permite a atacantes remotos evitar la autenticación estableciendo las cookies phpicalendar y phpicalendar_login a 1. • https://www.exploit-db.com/exploits/6526 http://securityreason.com/securityalert/4865 http://www.securityfocus.com/bid/31320 https://exchange.xforce.ibmcloud.com/vulnerabilities/45338 • CWE-264: Permissions, Privileges, and Access Controls •