PHP iCalendar File Upload Security Bypass and Code Execution Vulnerabilities
Technical Description
Two vulnerabilities have been identified in PHP iCalendar, which may be exploited by remote attackers to execute arbitrary commands.
The first flaw is due to input validation errors when processing the "cookie_language" and "cookie_style" parameters, which could be exploited by attackers to include local files.
The second issue is due to an input validation error in the "publish.ical.php" script that does not properly validate the "X-WR-CALNAME" parameter, which could be exploited by attackers to upload arbitrary files and execute arbitrary commands in combination with the first issue.
Affected Products
PHP iCalendar version 2.21 and prior
Solution
The FrSIRT is not aware of any official supplied patch for this issue.
References
http://www.frsirt.com/english/advisories/2006/1019
Credits
Vulnerabilities reported by rgod