Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

WebCalendar assistant_edit.php Unauthorized Access Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Checks for assistant_edit.php unauthorized access vulnerability in WebCalendar

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server has a PHP script that allows unauthorized

Description :

The remote version of WebCalendar fails to restrict access to the
script 'assistant_edit.php'. A possible hacker can use this script to
change assistants and to display all users in the system even when the
'Public access can view other users' setting has been disabled.

See also :

Solution :

Upgrade to WebCalendar 1.0.0 or newer.

Threat Level:

Low / CVSS Base Score : 2

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.