
WebCalendar < 1.0.2 Multiple Vulnerabilities

High

Synopsis

The remote web server has a PHP application that is affected by multiple vulnerabilities.

Description

The remote web server has a PHP application that is affected by multiple vulnerabilities. The remote version of WebCalendar does not validate the 'id' and 'format' parameters of the 'export_handler.php' script before using them in a file write, so files on the remote host can be overwritten, subject to the privileges of the web server user ID. In addition, the 'activity_log.php', 'admin_handler.php', 'edit_report_handler.php', 'edit_template.php' and 'export_handler.php' scripts are prone to SQL injection attacks, and the 'layers_toggle.php' script is prone to HTTP response splitting attacks.
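As an added example (not part of the original advisory or of WebCalendar's code), the Python script below triages web server access logs for malformed requests to 'export_handler.php' and 'layers_toggle.php'. The rules for a well-formed 'id' and 'format', the query parameter name `x`, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a well-formed 'id' is a decimal integer and a well-formed
# 'format' is a short token; neither rule comes from the advisory.
ID_OK = re.compile(r"[0-9]+")
FORMAT_OK = re.compile(r"[A-Za-z0-9_-]{1,32}")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_request(target):
    """Return a list of findings for one request target (path + query)."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    # parse_qsl percent-decodes values, so %0d%0a arrives as "\r\n".
    params = parse_qsl(parts.query, keep_blank_values=True)
    findings = []
    if script == "export_handler.php":
        for name, value in params:
            if name == "id" and not ID_OK.fullmatch(value):
                findings.append("export_handler.php: non-numeric id")
            if name == "format" and not FORMAT_OK.fullmatch(value):
                findings.append("export_handler.php: unexpected format value")
    elif script == "layers_toggle.php":
        for name, value in params:
            if "\r" in value or "\n" in value:
                findings.append(f"layers_toggle.php: CR/LF in parameter {name!r}")
    return findings

def scan(lines):
    """Yield (line_number, finding) for each suspicious access-log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            for finding in check_request(match.group(1)):
                yield number, finding

# Constructed sample log lines (combined log format), not from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /webcalendar/export_handler.php?id=42&format=ical HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2006:10:00:05 +0000] "GET /webcalendar/export_handler.php?id=42x&format=ical%2Fy HTTP/1.1" 200 0',
    '192.0.2.11 - - [01/Jan/2006:10:00:09 +0000] "GET /webcalendar/layers_toggle.php?x=a%0d%0ab HTTP/1.1" 302 0',
    '192.0.2.12 - - [01/Jan/2006:10:01:00 +0000] "GET /webcalendar/month.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG):
        print(f"line {number}: {finding}")
```

Access logs record only the request line, so parameters sent in a POST body are not covered by this check.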

Solution

Upgrade to version 1.0.2 or higher.