Information Disclosure in CalendarScript 3.21 via Invalid Year and Month Parameters

CVE-2005-1148 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information.

Learn more about our Web Application Penetration Testing UK.