PHP iCalendar < 2.25 Administrative Bypass
High Nessus Network Monitor Plugin ID 4690
SynopsisThe remote host is vulnerable to a flaw that allows for the bypassing of authentication.
DescriptionThe remote host is running PHP iCalendar, an open-source PHP blog. This version of iCalendar is vulnerable to a flaw where a remote user can, by manually changing their cookie, gain administrative access to the application.
SolutionWhen available, upgrade to version 2.25 or higher.