Info

Disclosure

Apr 12, 2005

Discovery

Unknown

Dates

Exploit

Apr 12, 2005

Solution

Unknown

Description

EasyPHPCalendar contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker provides malformed input to the 'ev' variable in the popup.php script, which will disclose the installation path resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Public
OSVDB: Web Related

Solution

Upgrade to version 6.2.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

NashTech, Inc.

EasyPHPCalendar

Unknown or Unspecified

References

Security Tracker: 1013704
Related OSVDB ID: 15544
CVE ID: 2005-1144 (see also: NVD)
Vendor URL: http://www.easilysimplecalendar.com/
Other Advisory URL: http://www.snkenjoi.com/secadv/secadv4.txt

Credit

sNKenjoi - snkenjoigmail.com -

Direct URL: http://osvdb.org/15545