CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
75.3%
WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges.
Vendor | Product | Version | CPE |
---|---|---|---|
webcalendar | webcalendar | 0.9.8 | cpe:2.3:a:webcalendar:webcalendar:0.9.8:*:*:*:*:*:*:* |
webcalendar | webcalendar | 0.9.11 | cpe:2.3:a:webcalendar:webcalendar:0.9.11:*:*:*:*:*:*:* |
webcalendar | webcalendar | 0.9.15 | cpe:2.3:a:webcalendar:webcalendar:0.9.15:*:*:*:*:*:*:* |
webcalendar | webcalendar | 0.9.16 | cpe:2.3:a:webcalendar:webcalendar:0.9.16:*:*:*:*:*:*:* |
webcalendar | webcalendar | 0.9.19 | cpe:2.3:a:webcalendar:webcalendar:0.9.19:*:*:*:*:*:*:* |
webcalendar | webcalendar | 0.9.20 | cpe:2.3:a:webcalendar:webcalendar:0.9.20:*:*:*:*:*:*:* |
webcalendar | webcalendar | 0.9.21 | cpe:2.3:a:webcalendar:webcalendar:0.9.21:*:*:*:*:*:*:* |
webcalendar | webcalendar | 0.9.22 | cpe:2.3:a:webcalendar:webcalendar:0.9.22:*:*:*:*:*:*:* |
webcalendar | webcalendar | 0.9.23 | cpe:2.3:a:webcalendar:webcalendar:0.9.23:*:*:*:*:*:*:* |
webcalendar | webcalendar | 0.9.24 | cpe:2.3:a:webcalendar:webcalendar:0.9.24:*:*:*:*:*:*:* |