Vulnerability Details CVE-2004-1509
validate.php in WebCalendar allows remote attackers to gain sensitive information via an invalid encoded_login parameter, which reveals the full path in an error message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.0%
CVSS Severity
CVSS v2 Score 5.0
References
- http://marc.info/?l=bugtraq&m=110011618724455&w=2
- http://secunia.com/advisories/13164
- http://www.securityfocus.com/bid/11651
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18029
- http://marc.info/?l=bugtraq&m=110011618724455&w=2
- http://secunia.com/advisories/13164
- http://www.securityfocus.com/bid/11651
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18029
Products affected by CVE-2004-1509
-
cpe:2.3:a:webcalendar:webcalendar:0.9.11
-
cpe:2.3:a:webcalendar:webcalendar:0.9.15
-
cpe:2.3:a:webcalendar:webcalendar:0.9.16
-
cpe:2.3:a:webcalendar:webcalendar:0.9.19
-
cpe:2.3:a:webcalendar:webcalendar:0.9.20
-
cpe:2.3:a:webcalendar:webcalendar:0.9.21
-
cpe:2.3:a:webcalendar:webcalendar:0.9.22
-
cpe:2.3:a:webcalendar:webcalendar:0.9.23
-
cpe:2.3:a:webcalendar:webcalendar:0.9.24
-
cpe:2.3:a:webcalendar:webcalendar:0.9.25
-
cpe:2.3:a:webcalendar:webcalendar:0.9.26
-
cpe:2.3:a:webcalendar:webcalendar:0.9.27
-
cpe:2.3:a:webcalendar:webcalendar:0.9.28
-
cpe:2.3:a:webcalendar:webcalendar:0.9.29
-
cpe:2.3:a:webcalendar:webcalendar:0.9.30
-
cpe:2.3:a:webcalendar:webcalendar:0.9.31
-
cpe:2.3:a:webcalendar:webcalendar:0.9.32
-
cpe:2.3:a:webcalendar:webcalendar:0.9.33
-
cpe:2.3:a:webcalendar:webcalendar:0.9.34
-
cpe:2.3:a:webcalendar:webcalendar:0.9.35
-
cpe:2.3:a:webcalendar:webcalendar:0.9.36
-
cpe:2.3:a:webcalendar:webcalendar:0.9.37
-
cpe:2.3:a:webcalendar:webcalendar:0.9.38
-
cpe:2.3:a:webcalendar:webcalendar:0.9.39
-
cpe:2.3:a:webcalendar:webcalendar:0.9.40
-
cpe:2.3:a:webcalendar:webcalendar:0.9.41
-
cpe:2.3:a:webcalendar:webcalendar:0.9.42
-
cpe:2.3:a:webcalendar:webcalendar:0.9.43
-
cpe:2.3:a:webcalendar:webcalendar:0.9.44
-
cpe:2.3:a:webcalendar:webcalendar:0.9.8