The remote web server has a PHP application that is affected by multiple vulnerabilities.
The remote web server has a PHP application that is affected by multiple vulnerabilities. The remote version of WebCalendar does not validate input to the 'id' and 'format' parameters of the 'export_handler.php' script before using it to overwrite files on the remote host, subject to the privileges of the web server user ID. In addition, the 'activity_log.php', 'admin_handler.php', 'edit_report_handler.php', 'edit_template.php' and 'export_handler.php' scripts are prone to SQL injection attacks and the 'layers_toggle.php' script is prone to HTTP response splitting attacks.
Upgrade to version 1.0.2 or higher.