CVE-2005-1147

high

Description

calendar.pl in CalendarScript 3.20 allows remote attackers to obtain sensitive information via invalid (1) calendar or (2) template parameters, which leaks the full pathname and debug information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/20102

http://www.snkenjoi.com/secadv/secadv3.txt

http://www.osvdb.org/15546

http://securitytracker.com/id?1013705

Details

Source: Mitre, NVD

Published: 2005-04-12

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00517