WebCalendar Index.PHP Information Disclosure Vulnerability
BID:18175
CVE-2006-2762
| Bugtraq ID: | 18175 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-2762 |
| Remote: | Yes |
| Local: | No |
| Published: | May 31 2006 12:00AM |
| Updated: | Jun 13 2006 05:21PM |
| Credit: | [email protected] is credited with the discovery of this vulnerability. |
| Vulnerable: | k5n WebCalendar 1.0.3, k5n WebCalendar 1.0.2, k5n WebCalendar 1.0.1, k5n WebCalendar 1.0 RC3, k5n WebCalendar 1.0 rc2, k5n WebCalendar 1.0 RC1, k5n WebCalendar 1.0, k5n WebCalendar 0.9.45, Debian Linux 3.1 sparc, Debian Linux 3.1 s/390, Debian Linux 3.1 ppc, Debian Linux 3.1 mipsel, Debian Linux 3.1 mips, Debian Linux 3.1 m68k, Debian Linux 3.1 ia-64, Debian Linux 3.1 ia-32, Debian Linux 3.1 hppa, Debian Linux 3.1 arm, Debian Linux 3.1 amd64, Debian Linux 3.1 alpha, Debian Linux 3.1 |
| Not Vulnerable: | k5n WebCalendar 1.0.4 |
Discussion
WebCalendar is prone to an information-disclosure vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve the contents of arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.
WebCalendar version 1.0.3 is vulnerable; other versions may be affected.
Exploit / POC
This vulnerability may be exploited with a web client.
Solution / Fix
Solution:
The vendor has released version 1.0.4 to address this issue.
Please see the referenced vendor advisories for further information.
Fix for k5n WebCalendar 1.0, 1.0 RC3, 1.0 RC1, 1.0 rc2, 1.0.1, 1.0.2 and 1.0.3:
WebCalendar WebCalendar-1.0.4.tar.gz
http://prdownloads.sourceforge.net/webcalendar/WebCalendar-1.0.4.tar.gz?download