WebCalendar < 1.0.2 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 3303

Synopsis

The remote web server has a PHP application that is affected by multiple vulnerabilities.

Description

The remote web server has a PHP application that is affected by multiple vulnerabilities. The remote version of WebCalendar does not validate input to the 'id' and 'format' parameters of the 'export_handler.php' script before using it to overwrite files on the remote host, subject to the privileges of the web server user ID. In addition, the 'activity_log.php', 'admin_handler.php', 'edit_report_handler.php', 'edit_template.php' and 'export_handler.php' scripts are prone to SQL injection attacks and the 'layers_toggle.php' script is prone to HTTP response splitting attacks.

Solution

Upgrade to version 1.0.2 or higher.

See Also

http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities

http://www.securityfocus.com/archive/1/418286/30/0/threaded

https://sourceforge.net/tracker/index.php?func=detail&amp;aid=1369439&amp;group_id=3870&amp;atid=303870

http://www.k5n.us/webcalendar.php

Plugin Details

Severity: High

ID: 3303

File Name: 3303.prm

Family: CGI

Published: 2005/11/29

Modified: 2016/01/15

Dependencies: 1442

Nessus ID: 20250

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 7

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:H/RL:O/RC:C

Reference Information

CVE: CVE-2005-3949, CVE-2005-3961, CVE-2005-3982

BID: 15606, 15608, 15662, 15673

OSVDB: 21216, 21217, 21218, 21219, 21220, 21383