Family: CGI abuses --> Category: attack
WebCalendar assistant_edit.php Unauthorized Access Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for assistant_edit.php unauthorized access vulnerability in WebCalendar
Detailed Explanation for this Vulnerability Test
The remote web server has a PHP script that allows unauthorized
The remote version of WebCalendar fails to restrict access to the
script 'assistant_edit.php'. A possible hacker can use this script to
change assistants and to display all users in the system even when the
'Public access can view other users' setting has been disabled.
See also :
Upgrade to WebCalendar 1.0.0 or newer.
Low / CVSS Base Score : 2
Click HERE for more information and discussions on this network vulnerability scan.