Detections
Analytics
WebCalendar long.php user_inc Parameter Traversal Arbitrary File Access
medium Nessus Plugin ID 11794
Language:
Synopsis
The remote web server has a PHP script that is affected by a local file include flaw.Description
The remote installation of WebCalendar may allow an attacker to read arbitrary files on the remote host by supplying a filename to the 'user_inc' argument of the file 'long.php'.Solution
Upgrade to WebCalendar 0.9.42 or later.See Also
https://www.securityfocus.com/archive/1/329793
https://www.securityfocus.com/archive/1/330521/30/0/threaded
http://sourceforge.net/forum/forum.php?thread_id=901234&forum_id=11588
Plugin Details
Severity: Medium
ID: 11794
File Name: webcalendar_file_read.nasl
Version: 1.20
Type: remote
Family: CGI abuses
Published: 7/21/2003
Updated: 6/1/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: No exploit is required
Reference Information
BID: 8237