ID CVE-2007-3259
Summary Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via (1) an invalid month[] parameter to calendar.php, (2) an invalid catview[] parameter to cal_week.php in a week operation, (3) an invalid ycyear[] parameter to yearcal.php, or (4) a direct request to cal_functions.inc.php, which reveals the installation path in various error messages.
References
Vulnerable Configurations
  • cpe:2.3:a:vincent_hor:calendarix:0.7.2007-03-07:*:*:*:*:*:*:*
    cpe:2.3:a:vincent_hor:calendarix:0.7.2007-03-07:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 16-10-2018 - 16:48)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bugtraq 20070625 Calendarix version 0.7. 20070307 Multiple Path Disclosure Vulnerabilities
misc http://www.netvigilance.com/advisory0036
osvdb
  • 35371
  • 35697
  • 35698
  • 35699
sreason 2841
xf calendarix-multiple-path-disclosure(35041)
Last major update 16-10-2018 - 16:48
Published 26-06-2007 - 17:30
Last modified 16-10-2018 - 16:48
Back to Top