PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpicalendar and phpicalendar_login cookies to 1.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5840)