Vendor: WebCalendar
By: SecurityFocus
CVSS: 7.5 (HIGH)
Information Disclosure
CWE: 200
Product Name: WebCalendar
Affected Version From: 1.0.0
Affected Version To: 1.0.2
Patch Exists: YES
Related CWE: CVE-2002-1390
CPE: a:k5n:webcalendar
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

Information Disclosure in WebCalendar

WebCalendar is vulnerable to an information disclosure issue that allows an attacker to gain unauthorized read access to potentially sensitive information with the privileges of the web server process. This can be done by sending a specially crafted HTTP request to the vulnerable server in which the user_inc parameter carries directory traversal sequences, such as http://www.example.com/webcalendar/[filename].php?user_inc=../../../../../etc/passwd.

Mitigation:

Upgrade to the latest version of WebCalendar.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8237/info

It has been reported that an information disclosure issue exists in WebCalendar. This may allow an attacker to gain unauthorized read access to potentially sensitive information with the privileges of the web server process.

http://www.example.com/webcalendar/[filename].php?user_inc=../../../../../etc/passwd
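
To check whether a server has received requests of this shape, the access log can be scanned for `user_inc` values that climb out of the application directory. The following is an added example, not part of the original advisory or of WebCalendar's code; the log lines, the `page.php` script name and the benign `user_inc` value are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (page.php is a placeholder script name).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /webcalendar/page.php?user_inc=../../../../../etc/passwd HTTP/1.1" 200 1432',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /webcalendar/page.php?user_inc=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1432',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /webcalendar/page.php?user_inc=user.php HTTP/1.1" 200 5120',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /webcalendar/page.php?date=20240101 HTTP/1.1" 200 5120',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e) up to `rounds` times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_user_inc(value):
    """True if the value contains a '..' segment, is absolute, or has a NUL."""
    v = fully_decode(value).replace("\\", "/")
    return ".." in v.split("/") or v.startswith("/") or "\x00" in v

def flag_requests(log_lines):
    """Return (line_number, user_inc as decoded once by parse_qs) per hit."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # keep_blank_values so an empty user_inc is still examined
        params = parse_qs(query, keep_blank_values=True)
        for value in params.get("user_inc", []):
            if suspicious_user_inc(value):
                hits.append((n, value))
    return hits

if __name__ == "__main__":
    for line_no, value in flag_requests(SAMPLE_LOG):
        print(f"line {line_no}: suspicious user_inc={value!r}")
```

A hit with a 200 response status is worth following up by checking the response size and the installed WebCalendar version against the affected range listed above.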