CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS percentile: 95.2%

Secunia reports:

socsam has discovered a vulnerability in WebCalendar,
which can be exploited by malicious people to bypass
certain security restrictions and disclose sensitive
information.

Input passed to the “includedir” parameter isn’t properly
verified, before it is used in an “fopen()” call. This can
be exploited to load an arbitrary setting file from an
external web site.

This can further be exploited to disclose the content of
arbitrary files by defining the “user_inc” variable in a
malicious setting file.

Successful exploitation requires that “register_globals”
is enabled.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | webcalendar | < 1.0.4 | UNKNOWN |
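
A defensive check for the condition the advisory describes, added here as an example (not code from WebCalendar, Secunia or this page): it scans web server access logs for requests that try to set `includedir` or `user_inc` through the query string and marks values that point at a remote URL. The Apache-style log format, the script name `example.php` and the host `host.invalid` are assumptions constructed for the sample.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Variable names taken from the advisory; a browser never needs to send them.
INTERNAL_VARS = {"includedir", "user_inc"}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)

def suspicious_params(log_line):
    """Return (name, decoded_value, is_remote_url) for each internal variable
    that the request tries to set through the query string."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    hits = []
    query = urlsplit(match.group(1)).query
    # parse_qsl percent-decodes, so encoded URLs are compared in clear form.
    for name, value in parse_qsl(query, keep_blank_values=True):
        base = name.split("[", 1)[0]  # "includedir[]" still sets $includedir
        if base in INTERNAL_VARS:
            hits.append((base, value, bool(REMOTE.match(value))))
    return hits

def scan(lines):
    """Map 1-based line numbers to their hits, skipping clean lines."""
    report = {}
    for number, line in enumerate(lines, start=1):
        hits = suspicious_params(line)
        if hits:
            report[number] = hits
    return report

# Constructed sample input: documentation IPs, hypothetical script name and host.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /webcalendar/example.php?date=20060101 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2006:10:00:05 +0000] "GET /webcalendar/example.php?includedir=http%3A%2F%2Fhost.invalid%2F HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2006:10:00:09 +0000] "GET /webcalendar/example.php?x=1&user_inc=x HTTP/1.1" 200 298',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG).items():
        print(number, hits)
```

Access logs record only the query string, while register_globals also imports POST fields and cookies, so a clean result here does not cover those channels.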