Calendarix calendar.php Multiple Variable Path Disclosure

2007-06-12T00:00:00
ID OSVDB:35371
Type osvdb
Reporter OSVDB
Modified 2007-06-12T00:00:00

Description

Technical Description

This vulnerability is only present when the display_errors PHP option is 'on'.

Manual Testing Notes

http://[target]/[PRODUCT-DIRECTORY]/calendar.php?month[]=1 http://[target]/[PRODUCT-DIRECTORY]/calendar.php?year=10000 http://[target]/[PRODUCT-DIRECTORY]/calendar.php?month=10000

References:

Related OSVDB ID: 35698 Related OSVDB ID: 35699 Related OSVDB ID: 35697 Other Advisory URL: http://www.netvigilance.com/advisory0035 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0496.html ISS X-Force ID: 35047 CVE-2007-3258