WebCalendar Multiple Vulnerabilities Name Multiple Vulnerabilities in WebCalendar Systems Affected WebCalendar (verified on 1.0.1) Severity Medium Risk Vendor www.k5n.us/webcalendar.php?topic=About Advisory http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities/ Advisory http://www.ush.it/team/ascii/hack-WebCalendar/advisory.txt Author Francesco "“aScii"” Ongaro (ascii at katamail . com) Date 20051128 WebCalendar is vulnerable to four SQL Injection (files activity_log.php, admin_handler.php, edit_template.php and export_handler.php) and one local file overwrite (export_handler.php), input validation will fix. Advisory released on 20051128: WebCalendar Multiple Vulnerabilities http://www.ush.it/2005/11/28/webcalendar-multiple-vulnerabilities/
