Vulnerability Details CVE-2002-2065
WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://sourceforge.net/project/shownotes.php?group_id=3870&release_id=93295
- http://www.iss.net/security_center/static/9296.php
- http://www.securityfocus.com/bid/4961
- http://sourceforge.net/project/shownotes.php?group_id=3870&release_id=93295
- http://www.iss.net/security_center/static/9296.php
- http://www.securityfocus.com/bid/4961
Products affected by CVE-2002-2065
-
cpe:2.3:a:webcalendar:webcalendar:0.9.31
-
cpe:2.3:a:webcalendar:webcalendar:0.9.32
-
cpe:2.3:a:webcalendar:webcalendar:0.9.33
-
cpe:2.3:a:webcalendar:webcalendar:0.9.34