phpGroupWare contains a flaw that may allow a remote attacker to execute arbitrary files. The issue is triggered due to the 'calendar' module which does not enforce the 'save extension' feature for holiday files. It is possible that the flaw may allow a remote attacker to execute arbitrary files resulting in a loss of integrity.
Upgrade to version 0.9.14.007 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.