Information Disclosure in CalendarScript 3.20 via Invalid Parameters

CVE-2005-1147 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

calendar.pl in CalendarScript 3.20 allows remote attackers to obtain sensitive information via invalid (1) calendar or (2) template parameters, which leaks the full pathname and debug information.

Learn more about our Web Application Penetration Testing UK.