- Description
- WebCalendar 0.9.34 and earlier with 'browsing in includes directory' enabled allows remote attackers to read arbitrary include files with .inc extensions from the web root.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webcalendar:webcalendar:0.9.31:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "576E931E-A40F-4087-B810-9BAA11464452"
},
{
"criteria": "cpe:2.3:a:webcalendar:webcalendar:0.9.32:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1BFF736-D44F-4A13-A67E-1D3103F6DBF0"
},
{
"criteria": "cpe:2.3:a:webcalendar:webcalendar:0.9.33:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F26E6E8-9EAB-4293-B12F-D81973C01447"
},
{
"criteria": "cpe:2.3:a:webcalendar:webcalendar:0.9.34:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD49942E-171A-44E4-AE84-301F3E39B117"
}
],
"operator": "OR"
}
]
}
]