Digital Interchange Calendar V. 5.7.13

vendor:

Digital Interchange Calendar

by:

ByALBAYX

7.5

CVSS

HIGH

Path Disclosure

200

CWE

Product Name: Digital Interchange Calendar

Affected Version From: 5.7.13

Affected Version To: 5.7.13

Patch Exists: YES

Related CWE: N/A

CPE: a:digital_interchange:digital_interchange_calendar

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Digital Interchange Calendar V. 5.7.13

Digital Interchange Calendar version 5.7.13 suffers from a path disclosure vulnerability. This allows an attacker to view the physical path of the web application. This can be exploited to gain sensitive information which can be used to launch further attacks.

Mitigation:

The vendor has released a patch to address this issue. It is recommended to apply the patch as soon as possible.

Source

Exploit-DB raw data:

@~~=======================================~~@
====C4TEAM.ORG====ByALBAYX====C4TEAM.ORG=====
@~~=======================================~~@
@~~=Author   : ByALBAYX

@~~=Website  : WWW.C4TEAM.ORG

@~~=Contry   : Turkish
@~~=======================================~~@
@~~=Script   :Digital Interchange Calendar V. 5.7.13

@~~=S.Site   :http://digitalinterchange.com

@~~=Dty      :http://digitalinterchange.com/products/index.asp?iProductID=1

@~~=Price    :$129.00
@~~=======================================~~@

@~~=Vul:

@~~=http://c4team.org/ [PATH] /admin/registration_options.asp

@~~=http://c4team.org/ [PATH] /admin/add_registration_option.asp

@~~=http://c4team.org/ [PATH] /admin/set_registration_option_status.asp


Vs....


@~~=Demo:

@~~=http://calendar.digitalinterchange.com

@~~=http://eeba.org/calendar

@~~=http://mema.state.md.us/calendar

@~~=http://iamu.org/calendar

@~~=http://usgbcutah.org/calendar

@~~=======================================~~@
:( :( :(
@~~=======================================~~@

# milw0rm.com [2009-03-02]