Detections
Analytics

WebCalendar < 1.0.2 Multiple Vulnerabilities

high Nessus Plugin ID 20250

Language:

Synopsis

The remote web server has a PHP application that is affected by multiple vulnerabilities.

Description

The remote version of WebCalendar does not validate input to the 'id' and 'format' parameters of the 'export_handler.php' script before using it to overwrite files on the remote host, subject to the privileges of the web server user id.

In addition, the 'activity_log.php', 'admin_handler.php', 'edit_report_handler.php', 'edit_template.php' and 'export_handler.php' scripts are prone to SQL injection attacks and the 'layers_toggle.php' script is prone to HTTP response splitting attacks.

Solution

Upgrade to WebCalendar 1.0.2 or later.

See Also

http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities/

https://www.securityfocus.com/archive/1/418286/30/0/threaded

https://sourceforge.net/tracker/index.php?func=detail&aid=1369439&group_id=3870&atid=303870

Plugin Details

Severity: High

ID: 20250

File Name: webcalendar_102.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 12/2/2005

Updated: 6/1/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 11/28/2005

Reference Information

CVE: CVE-2005-3949, CVE-2005-3961, CVE-2005-3982

BID: 15606, 15608, 15662, 15673