• info
• discussion
• exploit
• solution
• references

WebCalendar Edit_User_Handler.PHP Unauthorized Access Vulnerability

WebCalendar is a web application written in PHP and used to maintain a calendar for a single or multiple users.

A vulnerability has been reported in WebCalendar that may allow attackers to obtain unauthorized administrative access.

Knowledgeable users can simply specify commands in URLs containing the command and a userid without entering any authentication information.