Information disclosure in K5n Webcalendar
CVE-2011-3814
WebCalendar 1.2.3, and other versions before 1.2.5, allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ws/user_mod.php an…
Vulnerability class: Information Disclosure
EPSS: 0.012 (65.5th percentile) — read the EPSS interpretation.
Affected products
- K5n Webcalendar — versions 1.2.3
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (mailing-list, x_refsource_MLIST)
- cve@mitre.org (x_refsource_MISC)