WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 68.6%