Information Disclosure in CalendarScript 3.21 via Invalid Year and Month Parameters
CVE-2005-1148 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information.
Learn more about our Web Application Penetration Testing UK.