WebCalendar Certain Variable Overwrite Vulnerability

info
discussion
exploit
solution
references

WebCalendar Certain Variable Overwrite Vulnerability

WebCalendar is prone to a variable-overwrite vulnerability because the application fails to sanitize user-supplied input.

By overwriting system variables with arbitrary input, the attacker may be able perform cross-site scripting, SQL-injection, and other attacks.

Version 1.0.4 is vulnerable to this issue; prior versions may also be affected.