WebCalendar long.php user_inc Parameter Traversal Arbitrary File Access

medium Nessus Plugin ID 11794

Synopsis

The remote web server has a PHP script that is affected by a local file include flaw.

Description

The remote installation of WebCalendar may allow an attacker to read arbitrary files on the remote host by supplying a filename to the 'user_inc' argument of the file 'long.php'.

Solution

Upgrade to WebCalendar 0.9.42 or later.

See Also

https://www.securityfocus.com/archive/1/329793

https://www.securityfocus.com/archive/1/330521/30/0/threaded

http://sourceforge.net/forum/forum.php?thread_id=901234&forum_id=11588

Plugin Details

Severity: Medium

ID: 11794

File Name: webcalendar_file_read.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 7/21/2003

Updated: 6/1/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 8237