|
Family: CGI abuses --> Category: attack
WebCalendar assistant_edit.php Unauthorized Access Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for assistant_edit.php unauthorized access vulnerability in WebCalendar
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server has a PHP script that allows unauthorized
access.
Description :
The remote version of WebCalendar fails to restrict access to the
script 'assistant_edit.php'. A possible hacker can use this script to
change assistants and to display all users in the system even when the
'Public access can view other users' setting has been disabled.
See also :
http://sourceforge.net/project/shownotes.php?release_id=328057
Solution :
Upgrade to WebCalendar 1.0.0 or newer.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|