Detections
Analytics

WebCalendar < 1.0.2 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 3303

Synopsis

The remote web server has a PHP application that is affected by multiple vulnerabilities.

Description

The remote web server has a PHP application that is affected by multiple vulnerabilities. The remote version of WebCalendar does not validate input to the 'id' and 'format' parameters of the 'export_handler.php' script before using it to overwrite files on the remote host, subject to the privileges of the web server user ID. In addition, the 'activity_log.php', 'admin_handler.php', 'edit_report_handler.php', 'edit_template.php' and 'export_handler.php' scripts are prone to SQL injection attacks and the 'layers_toggle.php' script is prone to HTTP response splitting attacks.

Solution

Upgrade to version 1.0.2 or higher.

See Also

http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities

http://www.securityfocus.com/archive/1/418286/30/0/threaded

https://sourceforge.net/tracker/index.php?func=detail&aid=1369439&group_id=3870&atid=303870

http://www.k5n.us/webcalendar.php

Plugin Details

Severity: High

ID: 3303

Family: CGI

Published: 11/29/2005

Updated: 3/6/2019

Nessus ID: 20250

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:webcalendar:webcalendar

Reference Information

CVE: CVE-2005-3949, CVE-2005-3961, CVE-2005-3982

BID: 15606, 15608, 15662, 15673