CVE-2005-1148

CVE-2005-1148

EPSS 1.6%

calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://securitytracker.com/id?1013705 https://exchange.xforce.ibmcloud.com/vulnerabilities/20102 http://www.snkenjoi.com/secadv/secadv3.txt